[nycphp-talk] Upcoming Month of PHP Bugs
Ben Sgro (ProjectSkyline)
ben at projectskyline.com
Tue Feb 20 19:04:43 EST 2007
That's pretty interesting suff. This can only be good for the long term
health of PHP,
but we might seem some haxors attempting to exploit these 0days..better stay
patched!
I started off a c-coder, ... for anyone who's intrested in php internals (c
code)
the book 'Extending and Embedding PHP' is a great one.
- Ben
----- Original Message -----
From: "csnyder" <chsnyder at gmail.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, February 20, 2007 6:59 PM
Subject: [nycphp-talk] Upcoming Month of PHP Bugs
> So apparently we're in for a treat in March (as if daylight savings
> time wasn't enough) as Stefan Esser will be publicizing a laundry list
> of active vulnerabilities in PHP, one or more for each day of the
> month.
> http://www.securityfocus.com/columnists/432/
>
> Here's somebody who had been working with the core developers to try
> to get these things fixed, but has been frustrated to the point of
> resorting to a "Month of Bugs" style publicity stunt. If what he says
> is true, about overflows and other bugs being ignored, that's a pretty
> major breakdown in quality control.
>
> I don't know C, and I would have no idea what to look for in doing an
> audit of PHP (the language) itself. But it seems (from Ilia's comments
> anyway) that such an audit is long overdue.
>
> So now I have to wonder, do IBM and Yahoo deploy stock PHP binaries?
> Or do they carry out their own internal audits to discover and patch
> the sloppier parts of the codebase?
>
> --
> Chris Snyder
> http://chxo.com/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
More information about the talk
mailing list