Tuesday, May 13th, 2008
The mass SQL injection attacks we've mentioned here and here are increasing in numbers and we're seeing more domains being injected and used to host the attack files and we believe that there are now more than one group using a set of different automated tools to inject the code.
Previously ...
Posted in Internet, Security | No Comments
Sunday, May 11th, 2008
This is not good. Researchers from INSERT found a vulnerability in the Gmail engine that could allow spammers to forward mail through Google, thereby bypassing blacklists and being accepted by whitelists. It works by using the same forwarding features that allow users, myself included, to forward their email through ...
Posted in Internet, Privacy, Security | No Comments
Thursday, May 8th, 2008
Microsoft's Vista operating system is more susceptible to malware than Windows 2000, and though it's 37% more secure than Windows XP, it's still too vulnerable.That's the contention of security vendor PC Tools, which has a financial interest in the vulnerability of Microsoft's software.
"Ironically, the new operating system has been hailed ...
Posted in Internet, Privacy, Security, Windows | No Comments
Wednesday, May 7th, 2008
In PHP there exist two functions to escape shell commands or arguments to shell commands that are used in PHP applications to protect against shell command injection vulnerabilities.
- escapeshellcmd()
- escapeshellarg()
Unfortunately it was discovered that both functions fail to protect against shell command injection when the shell uses a locale with ...
Posted in Coding, PHP, Security | No Comments
Wednesday, May 7th, 2008
Since version 4.2.0 PHP automatically seeds the random number generators on the first usage of rand() and mt_rand(). This is done with the help of the GENERATE_SEED() macro.
Unfortunately it was discovered that the GENERATE_SEED() macro contains several problems that can lead to a weaker seed than expected. In the worst ...
Posted in Coding, PHP, Security | No Comments
