- TalkBack 2 of 3:
- Next »
- « Previous
- Thread View
- Flat View
- Not exactly squashed
-
If you're a tech-head read this.
There is a very serious flaw in PHP 5.2 and lower especially when used with PHPBB prior to version 2.0.11(used for this message board).
Through some fancy reverse-engineering we were able to rebuild the neverevernosanity worm by parsing our own log files. We forwarded this reverse-engineered code to the Google security team on 12/20/2004 at 1:03AM Eastern Standard Time.
Basically, code could be injected into a vulnerable computer. I believe this is just as serious as the code red worm from September of 2001, but not as widespread because less machines have PHPBB installed. If you recall, the code red worm infected any machine with IIS and WSH.
While Google has taken steps to stop this particular worm from spreading there is nothing preventing future attacks from using other search engines to spread. It would be easy to simply replace a few lines of code in the worm to use MSN instead of Google and it would keep on going.
Google has taken measures to prevent the worm from spreading but they can't fix vulnerable servers so upgrade your PHPs to 5.3 and upgrade your PHPBBs!
Gui W.
www.alphabetware.com - Posted by: guillermo6 Posted on: 12/22/04 You are currently: a Guest | Members login | Terms of Use
Message has been deleted.
Grayson Peddie | 12/22/04
|
Not exactly squashed
guillermo6 | 12/22/04
|
correction
guillermo6 | 12/22/04
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
- Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
- Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Business Value of Windows Server 2008 R2 Hyper-V and Live Migration.
-
Today's IT departments are under increasing pressure to manage and support expanding computer resources while reducing costs. See how Windows Server 2008 R2 is making this process seamless.
- Click to download >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
- Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
- Linking Decisions and Information for Organizational Performance Read the Tom Davenport study
