PHP Multibyte Shell Command Escaping Bypass Vulnerability

Wednesday, May 7th, 2008

In PHP there exist two functions to escape shell commands or arguments to shell commands that are used in PHP applications to protect against shell command injection vulnerabilities: escapeshellcmd() and escapeshellarg(). Unfortunately it was discovered that both functions fail to protect against shell command injection when the shell uses a locale with ...

PHP Weak Random Number Seed Vulnerability

Wednesday, May 7th, 2008

Since version 4.2.0 PHP automatically seeds the random number generators on the first usage of rand() and mt_rand(). This is done with the help of the GENERATE_SEED() macro. Unfortunately it was discovered that the GENERATE_SEED() macro contains several problems that can lead to a weaker seed than expected. In the worst ...

Do not Underestimate Physical Security

Tuesday, May 6th, 2008

Security in IT is everywhere: firewalls, proxies, anti-[spam|virus], IDS and more! But what about physical security to your IT infrastructure? Read the following story: Peter Gabriel’s web site was off the web due to a server theft! I would like to know how the thieves performed! Why spend money to protect ...

Trojan Adware Hiding in MP3s, McAfee Says

Tuesday, May 6th, 2008

Adware pushers have found a new way to trick you into downloading their annoying products: fake MP3 files. On Tuesday, security vendor McAfee reported that it's seen a huge spike in fake MP3 files spreading on peer-to-peer networks. Although the files have names that make them look like audio recordings, they're ...

Mass Effect PC Includes Serious Security Measures

Tuesday, May 6th, 2008

The PC version of Mass Effect is going to include some fairly serious security measures that may prove to be more of a threat to the game's popularity than they are to piracy. According to Derek French, Mass Effect's technical producer at BioWare, the game's security begins with the same SecuROM ...