December 2004 Archives

Steve Mallett


There is a phpBB worm and an anti-worm worm on the loose. What is interesting is that neither PHP nor phpBB is taking responsibility for it.

PHP: “A recent Web Worm known as NeverEverSanity exposed a mistake in the input validation in the popular phpBB message board application. Their highlighting code didn’t account for double-urlencoded input correctly. Without proper input validation of untrusted user data combined with any of the PHP calls that can execute code or write to the filesystem you create a potential security problem. Despite some confusion regarding the timing of some unrelated PHP security fixes and the NeverEverSanity worm, the worm didn’t actually have anything to do with a security problem in PHP.”

phpBB: “Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions prior to 4.3.10. The problematical functions include unserialize and realpath. phpBB (along with a great many other scripts including IPB, vB, etc.) use these two functions as a matter of course.

It has come to our attention that code has now been released which uses this exploit in PHP to obtain confidential information in phpBB. Such information includes data contained in phpBB’s config.php file. We therefore recommend the following:

1) If you maintain your own server be sure to upgrade to the newest available release of PHP (both versions 4 and 5). Be aware that at this time phpBB 2.0.x has problems functioning under PHP5 without modification.

2) If you pay for hosting ensure your hosting provider has upgraded their installation of PHP (again remember that phpBB 2.0.x and other scripts will not function under PHP5 without modification)”
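The PHP statement above blames a validator that did not account for double-urlencoded input. The following is an added illustration, not phpBB’s or PHP’s code, written in Python rather than PHP: a naive filter decodes once and checks for forbidden characters, while the hardened filter refuses multiply-encoded values and checks the fully canonicalised form. The forbidden character set and the decode-round limit are illustrative assumptions.

```python
from urllib.parse import unquote

# Constructed example: characters the highlighter would refuse to pass on.
FORBIDDEN = set("'\"<>")


def naive_allows(raw: str) -> bool:
    """Decode once, then check (the mistake): "%2527" decodes to "%27",
    which contains no forbidden character, so it passes untouched even
    though a later decode turns it into a bare quote."""
    decoded = unquote(raw)
    return not (FORBIDDEN & set(decoded))


def is_multiply_encoded(raw: str) -> bool:
    """True when a second percent-decoding round still changes the value,
    i.e. the sender encoded the string more than once."""
    once = unquote(raw)
    return unquote(once) != once


def canonicalize(raw: str, max_rounds: int = 5) -> str:
    """Percent-decode repeatedly until the value stops changing, so that
    validation sees the same bytes the rest of the application will."""
    value = raw
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value  # still changing after max_rounds: return the deepest form


def hardened_allows(raw: str) -> bool:
    """Reject multiply-encoded input outright, then check the canonical
    form; either rule alone would have stopped "%2527"."""
    if is_multiply_encoded(raw):
        return False
    return not (FORBIDDEN & set(canonicalize(raw)))


if __name__ == "__main__":
    for sample in ("hello%20world", "it%27s", "it%2527s"):
        print(f"{sample:14} naive={naive_allows(sample)!s:5} "
              f"hardened={hardened_allows(sample)}")
```

A literal percent sign the user typed ("100%25") decodes once and then stays stable, so the multiple-encoding check does not flag ordinary input.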

Steve Mallett


I shudder at the thought of all the self-inflicted techno rage that will occur within the next few days. People surfing websites, calling customer dis-service hoping someone can answer their questions to get their new gizmo working.

Dear retailers, please let us help ourselves.

For the most part, your FAQs are useless, out of date, and irrelevant.

Your customer dis-service representatives drive us completely around the bend with the manual they have to read to us, asking us to go through the twenty step procedure that doesn’t address our problem anyway.

Please set up user forums on your website where we can discuss technical ‘issues’. Let us help each other sort out technical issues and glitches. We’ve become much more sophisticated over the years, some of us anyway. We can even help those less technically inclined so you don’t have to.

Think of all the applications and glitches that you “don’t support” that we & you could, in a round-about way, if you’d just let us!

It’s not a sign of weakness. It shows you care.

How much techno rage are you anticipating this year?

Steve Mallett


Related link: http://applewhack.com

A bit annoyed at surfing the multitude of Mac sites, I created one to rule them all. Ok, not rule, but at least all my Mac news is in one place: AppleWhack.com

So, I’ve basically taken the RSS feeds from my favorite Mac sites (MacDevCenter!) and jammed them all into one page, and hence one feed as well.

Enjoy!

Steve Mallett


Related link: http://osdir.com/Article2805.phtml

In this month’s morally unclear and double-entendre-filled toast To Evil!, Danny O’Brien contends with our deep-seated love/hate relationship with SCO website defacers, script kiddies who do the wrong things to the right people, Lycos’ bizarre foray into spam fighting with DDoS attacks, and in the end finds one completely unambiguous scumbag to label as most evil this month. Raise your glass.