Slashdot Mirror


March To Be Month of PHP Bugs

PHP writes "Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). During an interview with SecurityFocus he announced the upcoming Month of PHP bugs initiative in March." Quoting: "We will disclose different types of bugs, mainly buffer overflows or double free (/destruction) vulnerabilities, some only local, but some remotely triggerable... Additionally there are some trivial bypass vulnerabilities in PHP's own protection features... As a vulnerability reporter you feel kinda puzzled how people among the PHP Security Response Team can claim in public that they do not know about any security vulnerability in PHP, when you disclosed about 20 holes to them in the two weeks before. At this point you stop bothering whether anyone considers the disclosure of unreported vulnerabilities unethical. Additionally a few of the reported bugs have been known for years among the PHP developers and will most probably never be fixed. In total we have more than 31 bugs to disclose, and therefore there will be days when more than one vulnerability will be disclosed."

9 of 292 comments

  1. So, PHP means ? by Rastignac · · Score: 4, Funny

    Public Holes Publication, isn't it ? ;)

    --
    -- Rastignac was here.
    1. Re:So, PHP means ? by daeg · · Score: 2, Funny

      Don't you mean \\\\\\\\\'magic quotes\\\\\\\\\'?

  2. Huh by Anonymous Coward · · Score: 5, Funny

    I thought every month was PHP Bugs month?

  3. Re:great... by julesh · · Score: 1, Funny

    Yep. This is going to be fun^Wannoying.

  4. i suggest for next month by Anonymous Coward · · Score: 3, Funny

    month of PCP bugs. i see them all over my skin and i can't scratch them off! SOMEONE HELP ME

  5. Wait... by kahei · · Score: 4, Funny


    Only a month?

    Ha ha, yes, thank you, I'll be here all week, bringing predictable yet mildly amusing banter. In fact, I'll be here all year. The whole of my life, probably. *breaks down and cries*

    --
    Whence? Hence. Whither? Thither.
  6. Re:great... by elrous0 · · Score: 3, Funny

    Hey, my un-fashionable use of Perl finally pays off!

    [Ducks down and hopes next month isn't the "31 days of Perl Bugs"]

    -Eric

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  7. Coming in April by bill_mcgonigle · · Score: 4, Funny

    "Month of Shooting Fish In a Barrel"

    At least the Month of Apple Bugs was a hard target to go after.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  8. Re:great... by Joebert · · Score: 2, Funny

    Hi kids! Would you like to script this? (Yeah yeah yeah!)
    Wanna see me shoot chocolate milk from each one of my eyelids? (Uh-huh!)
    Wanna copy this and paste exactly like I did? (Yeah yeah!)
    Try the wrong CID and get fucked up worse than my code is? (Huh?)
    My mouse's dead weight, I'm tryin to get my story straight
    but I can't figure out which Administrator I want to impersonate (Ummmm..)
    And Dr. Phil said, "Failure is no accident."
    Uh-huhhh! "Then why's your hands red? Man you busted!"
    Well at age twelve, I learned HTML
    Hacked my robodog to fetch the paper while I sit here in my shell
    Got pissed off and organized a massive DDoS
    Smacked the web so hard people lost their job at Bluefrog
    I pay a crackhead to mow my grass
    Hacking my mower would still require me to go get gas !
    C'mere slut! (hey wait a minute, that's my goat dog!)
    I don't give a fuck, naggin bitches just piss me off !

    --
    Wanna fight ? Bend over, stick your head up your ass, and fight for air.