SecurityFocus

new linux malware Feb 18 2006 10:40PM
Gadi Evron (ge linuxbox org) (2 replies)

Re: new linux malware Feb 20 2006 04:57PM
Christine Kronberg (Christine_Kronberg genua de) (1 replies)

PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 20 2006 08:22PM
Gadi Evron (ge linuxbox org) (2 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Dec 30 2006 10:00PM
Kevin Waterson (kevin oceania net) (1 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 01 2007 05:53PM
Bill Nash (billn billn net) (1 replies)

On Sun, 31 Dec 2006, Kevin Waterson wrote:

> This one time, at band camp, Gadi Evron <ge (at) linuxbox (dot) org [email concealed]> wrote:
>
> >
> > Indeed, the most annoying thing about the PHP worms today is that these
> > PHP vulnerabilities being exploited are everywhere.
>
> These are not PHP vulnerabilities, these are application vulnerabilities.
>

I agree. Unless this thread is focusing on vulnerabilities in the
PHP parser itself, exploitable simply by pushing arbitrary information
through any available post/get channel, then I think we can call it a PHP
vulnerability. Until then, let's keep the FUD to a minimum.

*ANY* language implemented for *ANY* purpose is as secure as the
programmer makes it. The way the original post is written,
s/PHP/(Perl|ASP|C|bash|BASIC|four little buddhist monks fighting over an
abacus)/ is applicable. The vulnerabilities that we see, that Gadi refers
to, aren't widespread because PHP is widespread, but because insecure
applications written in PHP are. A better use of energy would be
focusing on the most vulnerable platforms and educating the developers.

- billn

[ reply ]

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 01 2007 09:00PM
Tino Wildenhain (tino wildenhain de) (1 replies)

RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 01 2007 09:31PM
Jim Harrison (Jim isatools org) (1 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 01 2007 10:37PM
Dana Hudes (dhudes hudes org) (1 replies)

RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 12:02AM
Jim Harrison (Jim isatools org) (2 replies)

Re: PHP as a secure language? PHP worms? Jan 02 2007 12:01PM
Duncan Simpson (dps simpson demon co uk) (1 replies)

RE: PHP as a secure language? PHP worms? Jan 02 2007 02:17PM
Jim Harrison (Jim isatools org)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 10:58AM
Darren Reed (avalon caligula anu edu au) (2 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 03:16PM
Dana Hudes (dhudes hudes org) (1 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 06:48PM
Lawrence Paul MacIntyre (macintyrelp ornl gov)

RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 02:15PM
Jim Harrison (Jim isatools org) (1 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 06:37PM
Darren Reed (avalon caligula anu edu au) (3 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 03 2007 05:16AM
Ronald Chmara (ron Opus1 COM) (1 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 04 2007 08:59PM
Jim Manico (jim manico net)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 09:07PM
Bill Nash (billn billn net)

RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 07:18PM
Jim Harrison (Jim isatools org)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 22 2006 10:48AM
Kevin Waterson (kevin oceania net) (2 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 24 2006 09:13PM
Matthew Schiros (schiros gmail com) (1 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 27 2006 03:26PM
L. Adrian Griffis (agriffis dstsystems com) (1 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 27 2006 03:50PM
Matthew Schiros (schiros gmail com) (1 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 27 2006 04:21PM
L. Adrian Griffis (agriffis dstsystems com) (1 replies)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 27 2006 05:55PM
Matthew Schiros (schiros gmail com)

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 24 2006 09:07PM
Jamie Riden (jamie riden gmail com)

Re: new linux malware Feb 20 2006 04:24PM
Marco Monicelli (marco monicelli marcegaglia com) (1 replies)

Re: new linux malware Feb 20 2006 07:58PM
Gadi Evron (ge linuxbox org) (1 replies)

Re: new linux malware Feb 22 2006 08:00PM
Jamie Riden (jamie riden gmail com)