Kat website php.net dah announce. Cuma wiki server compromise. Takde src code. SVN dah check, setakat ni ok. Password dah tukar b
Sent from my phone On Mar 20, 2011, at 1:37 PM, zarul shahrin <[email protected]> wrote: > It's always take longer for official announcement. ^_^ > > > On Sun, Mar 20, 2011 at 1:30 PM, Ghodmode <[email protected]> wrote: > On Fri, Mar 18, 2011 at 9:02 PM, zarul shahrin <[email protected]> wrote: > Visual "proof" of PHP.NET server(s) breach: > http://www.wooyun.org/bugs/wooyun-2010-01635 > > PHP.net's own confirmation ( > http://www.php.net/archive/2011.php#id2011-03-19-2 ) : > [19-Mar-2011] The wiki.php.net box was compromised and the attackers were > able to collect wiki account credentials. No other machines in the php.net > infrastructure appear to have been affected. Our biggest concern is, of > course, the integrity of our source code. We did an extensive code audit and > looked at every commit since 5.3.5 to make sure that no stolen accounts were > used to inject anything malicious. Nothing was found. The compromised machine > has been wiped and we are forcing a password change for all svn accounts. > > We are still investigating the details of the attack which combined a > vulnerability in the Wiki software with a Linux root exploit. > > > > On Fri, Mar 18, 2011 at 8:31 PM, zarul shahrin <[email protected]> wrote: > Hai Guys, > just a head up, yet another open source project has been compromised and > probably backdoored, this time is PHP.net. I am still waiting for more info > on this. > Best Regards, > Zarul Shahrin > -- > To unsubscribe from and detail about this group > http://portal.mosc.my/osdc-my-mailing-list-information > > MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/ > > -- > To unsubscribe from and detail about this group > http://portal.mosc.my/osdc-my-mailing-list-information > > MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/ -- To unsubscribe from and detail about this group http://portal.mosc.my/osdc-my-mailing-list-information MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/
