Some people already know about it one day before.. On Sun, Mar 20, 2011 at 2:20 PM, Ahmad Amran <r0k...@gmail.com> wrote:
> Kat website php.net dah announce. Cuma wiki server compromise. Takde src > code. SVN dah check, setakat ni ok. Password dah tukar b > > Sent from my phone > > On Mar 20, 2011, at 1:37 PM, zarul shahrin <zarulshah...@gmail.com> wrote: > > It's always take longer for official announcement. ^_^ > > > On Sun, Mar 20, 2011 at 1:30 PM, Ghodmode < <ghodm...@ghodmode.com> > ghodm...@ghodmode.com> wrote: > >> On Fri, Mar 18, 2011 at 9:02 PM, zarul shahrin < <zarulshah...@gmail.com> >> zarulshah...@gmail.com> wrote: >> >>> Visual "proof" of <http://PHP.NET>PHP.NET server(s) breach: >>> <http://www.wooyun.org/bugs/wooyun-2010-01635> >>> http://www.wooyun.org/bugs/wooyun-2010-01635 >>> >> >> PHP.net's own confirmation ( >> <http://www.php.net/archive/2011.php#id2011-03-19-2> >> http://www.php.net/archive/2011.php#id2011-03-19-2 ) : >>> >>> *[19-Mar-2011]* The <http://wiki.php.net>wiki.php.net box was >>> compromised and the attackers were able to collect wiki account credentials. >>> No other machines in the <http://php.net>php.net infrastructure appear >>> to have been affected. Our biggest concern is, of course, the integrity of >>> our source code. We did an extensive code audit and looked at every commit >>> since 5.3.5 to make sure that no stolen accounts were used to inject >>> anything malicious. Nothing was found. The compromised machine has been >>> wiped and we are forcing a password change for all svn accounts. >>> >>> We are still investigating the details of the attack which combined a >>> vulnerability in the Wiki software with a Linux root exploit. >>> >> >> >> >>> On Fri, Mar 18, 2011 at 8:31 PM, zarul shahrin <<zarulshah...@gmail.com> >>> zarulshah...@gmail.com> wrote: >>>> >>>> Hai Guys, >>>> just a head up, yet another open source project has been compromised and >>>> probably backdoored, this time is PHP.net. I am still waiting for more >>>> info on this. >>>> Best Regards, >>>> Zarul Shahrin >>>> >>> -- >> To unsubscribe from and detail about this group >> <http://portal.mosc.my/osdc-my-mailing-list-information> >> http://portal.mosc.my/osdc-my-mailing-list-information >> >> MOSC2011 <http://fb.me/mosc2011>http://fb.me/mosc2011 and >> <http://portal.mosc.my/>http://portal.mosc.my/ >> > > -- > To unsubscribe from and detail about this group > <http://portal.mosc.my/osdc-my-mailing-list-information> > http://portal.mosc.my/osdc-my-mailing-list-information > > MOSC2011 <http://fb.me/mosc2011>http://fb.me/mosc2011 and > <http://portal.mosc.my/>http://portal.mosc.my/ > > -- > To unsubscribe from and detail about this group > http://portal.mosc.my/osdc-my-mailing-list-information > > MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/ > -- To unsubscribe from and detail about this group http://portal.mosc.my/osdc-my-mailing-list-information MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/