stargeek


Community News: PHP Security Alert 02/13/2004 09:13 AM

In a posting from the fine folks at PHP Magazine:









Similar Items

Grok Headline matches for Community News: PHP Security Alert

Community News: Security Alert from Netcraft 06/14/2004 08:06 AM
A security note issued from Netcraft should be noted this week:

Community News: PHP Vulnerability Alert - 4.3.9 12/19/2004 03:19 PM
From a note sent along by grout, it seems that there is a new alert for users of PHP 4.3.9:

Community News: The PHP Security Workbook 07/29/2004 08:30 AM
In a new posting from the folks over at PHP Magazine:

Community News: PHP Security Consortium Launched 02/01/2005 09:14 PM
In a large announcement for the PHP community today, Zend has a pointer to the new PHP Security Consortium. Be sure to check out the announcement over on Chris Shiflett's weblog today as well...

Community News: Notes on PHP Session Security 03/06/2004 02:08 AM
In a new entry to his SitePoint weblog, Harry Fuecks has some comments and suggestions about PHP session security and how it could affect your site.

Community News: Security Warning for PHP-Nuke 06/15/2004 08:28 AM
Once again, Secunia.com is reporting some bugs in PHP-Nuke that could allow malicious users to conduct cross-site scripting attacks, disclose path information, and cause a DoS (Denial of Service).

Google News No longer Carries Team Amber Alert News 04/08/2005 12:34 PM
Team Amber Alert Apr 8 2005 4:41PM GMT

MEDIA ALERT: Secure Elements Discusses IT Security for Higher Education at EDUCAUSE Security Professionals Conference 03/31/2005 03:03 AM
Daniel Bezilla, Secure Elements’ chief technology officer, will explore how educational communities can benefit from implementing an Enterprise Vulnerability Management solution. [PRWEB Mar 31, 2005]

Google News Carries Team Amber Alert News 04/10/2005 05:49 AM
Team Amber Alert Apr 10 2005 8:59AM GMT

PHP Security Alert 06/05/2005 11:38 PM
PHP Advanced Transfer Manager Include File Error Lets Remote Users Execute Arbitrary Commands

Security Alert 09/21/2004 04:41 PM

Mac Security Alert 05/12/2004 09:43 AM
A UK government organization responsible for gathering information on IT security incidents has issued two security advisories regarding recently identified vulnerabilities in Mac OS X. By Macworld UK (via MyAppleMenu)

Yet another Windows security alert 03/19/2003 10:25 PM
Microsoft has released Security Bulletin MS03-007, which simply says: An identified security vulnerability in Microsoft® Windows® 2000 could allow an attacker to take control of your computer. This issue is most likely to affect computers used as Web servers. You can help protect your computer from this vulnerability by installing this update from Microsoft. If you're using Windows 2000, make sure you install it.

Security Alert: Voluntary XSS 04/09/2004 05:30 PM

This is a personal security alert against a dangerous yet increasingly popular practice which I call Voluntary XSS. Voluntary XSS involves a website voluntarily embedding script fragments hosted by another, typically very popular, website. Here is an example:

Voluntary XSS is dangerous because the practice builds a hub-and-spoke (or star) vulnerability network which exposes all the spoke websites to weaknesses in the hub website. Since the active content of 'bar.js' from the hub website in the example above is typically injected into every page served by spoke websites, penetration at the hub website allows hackers to change contents of all pages served by spoke websites instantly by replacing the content of 'bar.js' with their own script.

As to how widespread the use of Voluntary XSS is, Google uses Voluntary XSS to display ads at Google AdSense sites and Technorati uses Voluntary XSS for blog claiming blogs. I haven't checked Amazon and Yahoo yet, but I intend to soon.

Since this is a personal security alert, allow me to be more blunt than formal security alerts: This is serious shit folks. By inserting those HTML fragments into your webpages, you are betting that websites hosting those HTML fragments are and will remain impenetrable. Voluntary XSS makes those key websites very attractive to hackers and I seriously doubt any website can withstand constant onslaughts by smart hackers.

My other posts on this topic:

Cross-Site Scripting Network

APWG Threat Advisory Alert on Visual Spoofing


Security Alert: Another IE6 Vulnerability 11/25/2002 11:55 AM
A new exploit has been found in IE6 that allows a serious security vulnerability. Although this is not directly related to PHP Freaks, I thought I would take a moment to point this out to our readers.

This Is Broken - CNN news alert 02/16/2004 10:45 AM
http://broken.typepad.com/b/2004/01/cnn_news_alert.html -----Original Message----- From: CNN Breaking News [mailto:BreakingNews@MAIL.CNN.COM] Sent: Friday, January 09, 2004 9:36 AM To: TEXTBREAKINGNEWS@CNNIMAIL12.CNN.COM Subject: CNN Breaking News -- U.S. terror alert to be dropped to yellow, or elevated, today, sources tell CNN. Watch CNN or log on to http://CNN.com (AOL Keyword: CNN) for the latest news.

Gates sparks security alert 07/30/2004 06:26 AM

Security Alert: PHPNuke Strikes Again 02/04/2003 08:40 AM

Feds Alert to Web Security Threat 03/21/2003 05:59 AM
The Department of Homeland Security advises Americans to brace themselves for acts of cyberterror. But computer security experts say Internet users probably aren't much more vulnerable than usual. By Joanna Glasner.

Security alert at Bute House 06/12/2004 04:49 AM
A security alert is sparked after a man is seen outside Jack McConnell's official home carrying what looked like a bomb.

Single New Security Alert From Microsoft For May 05/11/2004 01:44 PM
Windows XP/2003 Help system could execute attack code. In contrast to last month's flood of severe problems, a single "Important" vulnerability in some Windows versions, and re-releases of two previous ones.

BA Cancels 2d Flight Amid Security Alert 01/02/2004 02:28 PM
Reuters via Wired News Jan 2 2004 1:08PM ET

Cisco issues wireless Lan security alert 12/04/2003 09:38 AM
vnunet.com Dec 4 2003 8:48AM ET

Hoax alert prompts security call 09/05/2004 11:16 AM
Residents of a County Antrim estate call for increased security following a loyalist bomb threat.

BA Cancels U.S. Flight Amid Security Alert 01/02/2004 07:22 PM
Reuters via Wired News Jan 2 2004 6:44PM ET

Security alert identifies Oracle holes 09/03/2004 06:48 AM
Computer Weekly Sep 3 2004 11:14AM GMT

The MS 'friendly' security alert service - just say d'oh 03/20/2003 11:55 AM
A

Greenspan sounds alert on Social Security 08/29/2004 01:41 AM
Seattletimes.nwsource.com - Sun Aug 29, 02:57 am GMT

BA Cancels Second U.S. Flight Amid Security Alert 01/02/2004 02:28 PM
Reuters via Wired News Jan 2 2004 1:08PM ET

Security at on-alert airports can take 5 hours to clear 01/08/2004 07:48 PM
Andrew Leonard has an op-ed on Salon today describing the amazingly baroque TSA-inspired "security" procedures in Mexico City last weekend, which created a multiple-day delay for thousands of fliers.
I like to travel. But I'm not looking forward to a future in which I need to get to the airport five hours ahead of departure to be sure I won't miss a flight, one in which I'm patted down from head to toe several times every time I try to board a plane, one in which I am constantly explaining every item in my luggage and every twist in my itinerary to hostile agents. I've had the chance to think about airline security a great deal over the past few days, and I'll tell you this: After being asked by one security guard to drink from a water bottle in my carry-on to prove that it wasn't acid or poison; after being interrogated by a U.S. customs agent who was suspicious at the number of books I had in my luggage; after the long lines, the hand inspections, the X-ray screenings, the near riots by enraged passengers, the uncertainty and the anxiety -- after all that, traveling to a foreign land, or even just across the state of California, doesn't seem quite so exotic or alluring anymore.
Link (Thanks, Kevin!)

Greenspan Sounds Alert on Social Security (AP) 08/28/2004 04:27 AM
AP - For at least the fourth time this year, Federal Reserve Chairman Alan Greenspan has touched the electrified third rail of American politics — Social Security.

"Officials: Terror alert intel was old news" 08/04/2004 04:20 AM

Yahoo! News - Material Behind New U.S. Alert Is Years Old 08/04/2004 09:28 AM
much of the information that led to the heightened alert in New York and Washington D.C. is actually three or four years old

story.news.yahoo.com/news?tmpl=story&cid=578&e=2&u=/nm/20040803/ ts_nm/security_alert_documents_dc


Security Alert: Apache/Mod_ssl Worm in the Wild 09/17/2002 08:04 AM

Security Alert: Bagle.X Worm Seeding in Progress 04/09/2004 03:58 PM
There is an apparent seeding of a new Bagle worm variant, Bagle.X, currently in progress. While this seeding appears to be progressing at a slow rate, previous versions of the Bagle worms have been seeded in a similar manner and have witnessed great success.

Windows gamers targeted by Microsoft security alert 06/09/2004 07:42 AM
PC Pro Jun 9 2004 12:23PM GMT

Security Alert: New Bagle.X Worm Variant Detected 04/09/2004 03:58 PM
Bagle.X appears to be progressing slowly, but its seeding rate is consistent with previous Bagle versions that have witnessed great success.

BA Cancels London-Riyadh Flight in Security Alert 01/02/2004 04:59 PM
Reuters via Wired News Jan 2 2004 3:56PM ET

Microsoft Security Update Alert - Reminder to Patch 05/02/2004 04:33 AM
