Slashdot Mirror
PHP.net Compromised
An anonymous reader writes "The open source PHP project site was compromised earlier today. The site appears to have been compromised and had some of its Javascript altered to exploit vulnerable systems visiting the website. Google's stop-badware system caught this as well and flagged php.net as distributing malware, warning users whose browsers support it not to visit the site. The comment by a Google employee over at the hacker news thread (official Google webmaster forum thread) seems to suggest that php.net wasn't incorrectly flagged."
Let me guess, they got in through a PHP vulnerability?
... it introduced visitors to PHP.
I can predict there will be a lot of posts by developers of other languages laughing at PHP while ignoring their own languages massive security failures in the often not so distant past. That is okay when for instance Ruby had their massive security hole or Java applets were kicked out of every browser, I giggled like a schoolgirl too.
But it sure was fun today to google some obscure function and be told php.net might harm your computer. Especially when you are having to fight management daily on some silly security measures you insisted on to protect your project that are so inconvenient and un-necessary because the project hasn't been hacked yet... sigh... do I have to point out that maybe it hasn't been broken into yet because I put the security measures in place? Or that it might simply not have been our turn yet? Nah... it must be because I am an idiot who sees script kiddies everywhere.
Security, if you do it right everyone thinks you have wasted your time and when you do it wrong, it is all your fault.
But at least the amazing pay, respect, job security and being the stuff all women dream about makes up for it...
Oh wait.
I can predict the future, I am going to die a bitter and angry nerd.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.