Archive for the ‘Projects’ Category
Saturday, December 25th, 2010
Last week I presented my research about "Adding ASLR to jailbroken iPhones" at the Power of Community 2010 (POC2010) security conference in Seoul. During my talk I explained how one can use a modified 'rebase' utility to rebase the dynamic linker dyld on the iPhone. Rebasing dyld is important because ...
Posted in Projects, Security, iPhone | No Comments »
Wednesday, December 1st, 2010
December has arrived and it is time to announce my talk for the Power of Community security conference in Seoul. This year I will not only return there for the 3rd time as a speaker, but this time I will talk about something not related to PHP or web security at ...
Posted in Projects, Security, iPhone, korea | No Comments »
Tuesday, December 9th, 2008
For half a year now I have been working on a secret project called "PHP Upgrade Simulator", or ext/usim for short, which is a PHP extension that allows people to evaluate how robust their PHP code base is when it comes to upgrading to future PHP versions. I am happy to announce ...
Posted in PHP, Projects | 24 Comments »
Thursday, September 4th, 2008
The first questions regarding Suhosin are where the name comes from and what it actually means. I usually explain that Suhosin is similar to a guardian angel: some ghost or god protecting a village from dark ghosts.
Yesterday I was able to take this picture of two of the guardian ghosts ...
Posted in PHP, Projects, Security | 2 Comments »
Friday, August 22nd, 2008
I just released Suhosin 0.9.26, which among bugfixes contains new features. The full changelog is:
Fixed problem with suhosin.perdir
Thanks to Hosteurope for tracking this down
Fixed problems with ext/uploadprogress
Reported by: Christian Stocker
Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)
Modified rand()/srand() to use the Mersenne Twister algorithm with separate state
Added better internal seeding of rand() ...
Posted in PHP, Projects, Security | 36 Comments »
Friday, August 15th, 2008
I previously reported about my joy with MySQL-Proxy and a simple SQL-Injection detection based on a simple heuristic.
Today I present the more interesting approach that I promised to publish after my webinar yesterday. This approach is based on the idea that SQL queries issued by an application always have a ...
Posted in MySQL, PHP, Projects, Security | 16 Comments »
Friday, August 8th, 2008
Since last night PHP 4 is finally dead...
Is it?
Well not really, because there are still millions of servers running PHP 4 that haven't upgraded to the faster, more stable and more secure PHP 5 and most of them will continue to use it. So PHP 4 will still be around ...
Posted in PHP, Projects, Security | 8 Comments »
Wednesday, August 6th, 2008
I just released a long overdue update to the Suhosin extension. There are only a few changes in it. The full changelog is:
Fixed PHP 4 compilation problem introduced in 0.9.24
Fixed PHP 5.3 compilation problem
Changed PHP default POST handler to PHP's current handler
As usual you can grab your copy at
http://www.suhosin.org/
Posted in PHP, Projects, Security | No Comments »
Tuesday, August 5th, 2008
“MySQL Proxy is a simple program that sits between your client and MySQL server(s) that can monitor, analyze or transform their communication. Its flexibility allows for unlimited uses; common ones include: load balancing; failover; query analysis; query filtering and modification; and many more.”
The flexibility of MySQL Proxy is based on ...
Posted in MySQL, PHP, Projects, Security | 8 Comments »
Thursday, July 31st, 2008
Quite a long time ago I stopped blogging on my previous blog at php-security.org because I wanted to move to a new domain to be able to finally blog about things other than PHP (or web application) security. Now, after months of silence, I am starting a new blog over here ...
Posted in PHP, Projects | 6 Comments »