Google has been quick to blacklist domains implicated, most often unwittingly, in the distribution of what has become known as the SoakSoak malware campaign courtesy of soaksoak.ru being the first domain in the redirection path it used. With 11,000 domains blocked over the weekend, you might be forgiven for thinking that it's another WordPress hosting sites security problem sorted before it can do any harm. However, most experts I have spoken to would seem to agree that 11,000 domains is just the tip of this particular iceberg and the actual number of soaksoak impacts on WordPress specific sites is in …

Member Avatar
+2 forum 0

It has been [officially confirmed](http://php.net/archive/2013.php#id2013-10-24-2) that the php.net website of the open-source PHP programming language has been hacked and infected with malware. The successful breach of the site came to light yesterday morning when the Google Safe Browsing service started flagging php.net as serving up malicious scripts. This was, at first, denied by php.net which Tweeted claims that it was down to a false negative by Google. However, that position has changed and now it has been officially confirmed that two servers at php.net had been hacked and were, indeed, hosting malicious code in order to install malware on the …

Member Avatar
Member Avatar
+13 forum 10

In the newly published Imperva 'Hacker Intelligence Initiative Report' the in-the-wild modification and exploitation of PHP SuperGlobal variables has been investigated. This particular external variable modification weakness has been described as being where a PHP application does "not properly protect against the modification of variables from external sources, such as query parameters or cookies". Imperva has seen evidence of SuperGlobal variables being used as a launchpad for remote code execution, remote file inclusion and security filter evasions attacks. The report itself should be something of a must-read for anyone developing PHP applications who wants to get a grip on how …

Member Avatar
Member Avatar
+4 forum 9

Everyone loves PHP these days it seems, and that includes the bad guys. So it should come as no surprise to learn that yet another remote access Trojan written using PHP has appeared. However, the fact that this particular bit of PHP backdoor code comes complete with a second, hidden, backdoor within it certainly was surprising to the security researcher who found it. DaniWeb has been talking to that researcher to find out more... [attach]17135[/attach]"Is there no honor among thieves anymore?" asks Andrew Brandt, the Lead Threat Analyst for security specialists Webroot, when disclosing the details of his [URL="http://blog.webroot.com/2010/09/06/php-backdoor-has-another-backdoor-inside/"]PHP double …

Member Avatar
Member Avatar
+4 forum 10

Rapid Application Development has come a long way since the early days of Delphi and Visual Basic in the mid 1990s. I remember those days well, as I immersed myself in Pascal development with the original Delphi back in 1995 and even wrote a couple of books about it. Delphi was created by Borland, and then, after Borland changed its name twice (first to Inprise, then back to Borland), Delphi was later moved to a new company spun off by Borland in 2006 called CodeGear. CodeGear was then bought by Embarcadero Technologies in 2008. Today Delphi and its descendants are …

Member Avatar
+3 forum 0

If you are a PHP, Zend or IBM fan, today Zend and IBM announce a major release for IBM i-Series Servers. Zend Technologies and IBM are working together to offer PHP solutions for IBM i customers. Today Zend announced Zend Server for IBM i, a Web Application Server for applications running on IBM i and Power System servers. (see attached or click on links below for more) [B]What’s New from Zend and IBM[/B] Zend Server for IBM i – Runtime and Management Features [B]·[/B] Business-grade PHP – An up-to-date, fully tested, supported and documented PHP stack ensures high reliability and …

Member Avatar
Member Avatar
+0 forum 1

It's true. [URL="http://www.oracle.com"]Oracle[/URL] is now, with its acquisition of Sun Microsystems, the world's largest purveyor of open source software. Does that surprise you? It did me too, until I started digging and realized that Oracle has a history of supporting free and open source software. Their support didn't start with their purchase of InnoDB, MySQL or Sun. It goes back into ancient times--Internetly speaking, of course. And, yes, I know that I've taken my share of shots at Oracle and the wonderful Larry Ellison but I also have to own up to the fact that they are good open source …

Member Avatar
Member Avatar
+0 forum 15

Zend Technologies today is set to announce a series of alliances intended to allow its PHP framework and development environment to work with other widely deployed RIA technologies from Adobe, Dojo and IBM. In a keynote speech at [url=http://www.zendcon.com/ZendCon08/public/content/home]ZendCon[/url], the company's annual PHP developer conference in Cupertino, Calif., Zend CEO Harold Goldberg reportedly was to deliver the news. The most far-reaching collaboration will be with Adobe, and is aimed at simplifying development of PHP application that combine PHP with Flex, the company's popular framework for developing rich Internet applications. I received advance copy of an embargoed document, in which it …

Member Avatar
Member Avatar
+0 forum 1

Yahoo Inc., the apple of Microsoft’s eye in recent weeks, has unveiled improvements to the [URL=http://developer.yahoo.com/] Yahoo Development Network[/URL], Web-service capabilities and advertiser opportunities. The moves could be seen as an attempt to show Yahoo’s value is greater than the US$40 billion acquisition bid of the Redmond giant. Most recent was the announcement Thursday of the opening of Yahoo’s Web services to application developers, a move that echoes in some ways [URL=http://www.daniweb.com/blogs/entry2353.html]changes by MySpace[/URL] and Facebook social networks to simplify access to their networks and offer developers more capabilities. In his keynote speech at O’Reilly’s Web 2.0 conference in San …

Member Avatar
+0 forum 0

[URL="http://www.gentoo.org"]Gentoo[/URL] has issued a security advisory with a high impact rating affecting users of PHP <5.2.2. Several vulnerabilities have been found in PHP, not least a huge number discovered by Stefan Esser during the infamous Month Of PHP Bugs (MOPB) including integer overflows in wbmp.c from the GD library and in the substr_compare() PHP 5 function. There have also been reports of a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions as well as a buffer overflow in the bundled XMLRPC library. If that weren’t enough, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability. Oh, and …

Member Avatar
Member Avatar
+0 forum 4

IT security specialist [URL="http://www.sophos.com"]Sophos[/URL] is warning anyone with a website about recently uncovered evidence that spammers are hacking into legitimate sites in order to sell drugs. Online pharmacy spam, be it under the Viagra or just general prescription drug banner, has become one of the most annoying and persistent forms of the junk mail genre. Rather than advertise the actual URL of the pharmacy site within the messages, however, the drug-peddling pharmacy spammers are instead directing users to the websites of innocent users unaware that they have been hacked. All the sites uncovered by Sophos are using PHP, most likely …

Member Avatar
Member Avatar
+0 forum 4

The End.