It's always take longer for official announcement. ^_^
On Sun, Mar 20, 2011 at 1:30 PM, Ghodmode <[email protected]> wrote: > On Fri, Mar 18, 2011 at 9:02 PM, zarul shahrin <[email protected]>wrote: > >> Visual "proof" of PHP.NET server(s) breach: >> http://www.wooyun.org/bugs/wooyun-2010-01635 >> > > PHP.net's own confirmation ( > http://www.php.net/archive/2011.php#id2011-03-19-2 ) : >> >> *[19-Mar-2011]* The wiki.php.net box was compromised and the attackers >> were able to collect wiki account credentials. No other machines in the >> php.net infrastructure appear to have been affected. Our biggest concern >> is, of course, the integrity of our source code. We did an extensive code >> audit and looked at every commit since 5.3.5 to make sure that no stolen >> accounts were used to inject anything malicious. Nothing was found. The >> compromised machine has been wiped and we are forcing a password change for >> all svn accounts. >> >> We are still investigating the details of the attack which combined a >> vulnerability in the Wiki software with a Linux root exploit. >> > > > >> On Fri, Mar 18, 2011 at 8:31 PM, zarul shahrin <[email protected]>wrote: >>> >>> Hai Guys, >>> just a head up, yet another open source project has been compromised and >>> probably backdoored, this time is PHP.net. I am still waiting for more info >>> on this. >>> Best Regards, >>> Zarul Shahrin >>> >> -- > To unsubscribe from and detail about this group > http://portal.mosc.my/osdc-my-mailing-list-information > > MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/ > -- To unsubscribe from and detail about this group http://portal.mosc.my/osdc-my-mailing-list-information MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/
