Archive for the ‘Security’ Category
Wednesday, November 5th, 2008
I just finished porting php2sql 0.1 to the new Binnavi 2.0 database format. php2sql is my still-private way to import PHP bytecode into Binnavi for manual analysis and navigation.
Here are some screenshots of what the PHP bytecode of FluxBB 1.2.20 looks like in Binnavi.
The first screen shows the project overview window. ...
Posted in PHP, Security | 5 Comments »
Thursday, October 30th, 2008
I just wanted to announce that next Wednesday (5th of November) at 19:30 there will be the second CGNSec meetup in Cologne/Germany.
The meeting takes place at Hallmackenreuther, Brüsseler Platz 9, 50674 Köln (Google Maps)
Everyone working in the field of information security is invited to attend. To find us, just ask ...
Posted in CGNSec, Security | No Comments »
Thursday, October 16th, 2008
There is a common misunderstanding about me in the circles of BSD users that I have encountered once again at yesterday's first CGNSec meeting.
There is a FreeBSD kernel developer, Stefan Eßer (Esser), who is also from Cologne and also works in the field of IT security. We are not the same ...
Posted in CGNSec, Security | No Comments »
Monday, October 13th, 2008
Next Wednesday at 19:30 there will be the first CGNSec meetup in Cologne/Germany. CGNSec is inspired by the CitySec meetups that are popular in the United States and some other European and Asian countries.
Everyone working in the field of information security is invited to come.
Because it is the first meeting ...
Posted in CGNSec, Security | No Comments »
Sunday, October 12th, 2008
Users of Suhosin-Patch will sooner or later see messages like "canary mismatch on efree() - heap overflow detected" in their error log. When this happens they are often confused and don't understand what it means.
The first questions they often ask themselves are:
Did they trigger a bug in Suhosin?
Is something wrong ...
Posted in PHP, Security | 6 Comments »
Wednesday, October 1st, 2008
Although PHP 5.3 is still in alpha stage and certain features like the PHAR extension or the whole namespace support are still topics of endless discussions, it already contains smaller changes that could improve the security of PHP applications a lot.
One of these small changes is the introduction of a ...
Posted in PHP, Security | 13 Comments »
Thursday, September 18th, 2008
Here are the slides of my ZendCon talk about Lesser Known Security Problems in PHP Applications.
(PDF) Lesser Known Security Problems in PHP Applications
Posted in PHP, Security | 18 Comments »
Monday, September 15th, 2008
The PHP Korea usergroup has organised an improvised PHP mini-conference and coding session called PHP Fest 2008, which will take place at the end of September in Seoul. The mini-conference is not only sponsored by Microsoft Korea but also takes place in the POSCO building in rooms owned by Microsoft ...
Posted in PHP, Security | 2 Comments »
Thursday, September 4th, 2008
The first questions regarding Suhosin are where the name comes from and what it actually means. I usually explain that Suhosin is similar to a guardian angel. Some ghost or god protecting a village from dark ghosts.
Yesterday I was able to take this picture of two of the guardian ghosts ...
Posted in PHP, Projects, Security | 1 Comment »
Friday, August 22nd, 2008
I just released Suhosin 0.9.26, which among bugfixes contains new features. The full changelog is:
Fixed problem with suhosin.perdir
Thanks to Hosteurope for tracking this down
Fixed problems with ext/uploadprogress
Reported by: Christian Stocker
Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)
Modified rand()/srand() to use the Mersenne Twister algorithm with separate state
Added better internal seeding of rand() ...
Posted in PHP, Projects, Security | 34 Comments »