subject:"\[osdcmy\] Re\: PHP.NET probably compromised , source code backdoored"

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

2011-03-20 Terurut Topik MASOKIS

kongsi :)
http://www.thehackernews.com/2011/03/php-group-has-confirmed-compromise-of.html
http://www.thehackernews.com/2011/03/phpnet-was-compromised-and-php-source.html

-- 
VISIT ME @ HTTP://WWW.MASOKIS.COM

-- 
To unsubscribe from and detail about this group 
http://portal.mosc.my/osdc-my-mailing-list-information

MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

2011-03-19 Terurut Topik zarul shahrin

Some people already know about it one day before..

On Sun, Mar 20, 2011 at 2:20 PM, Ahmad Amran  wrote:

> Kat website php.net dah announce. Cuma wiki server compromise. Takde src
> code. SVN dah check, setakat ni ok. Password dah tukar b
>
> Sent from my phone
>
> On Mar 20, 2011, at 1:37 PM, zarul shahrin  wrote:
>
> It's always take longer for official announcement. ^_^
>
>
> On Sun, Mar 20, 2011 at 1:30 PM, Ghodmode < 
> ghodm...@ghodmode.com> wrote:
>
>> On Fri, Mar 18, 2011 at 9:02 PM, zarul shahrin < 
>> zarulshah...@gmail.com> wrote:
>>
>>> Visual "proof" of PHP.NET server(s) breach:
>>>  
>>> http://www.wooyun.org/bugs/wooyun-2010-01635
>>>
>>
>> PHP.net's own confirmation (
>> 
>> http://www.php.net/archive/2011.php#id2011-03-19-2 ) :
>>>
>>>  *[19-Mar-2011]* The wiki.php.net box was
>>> compromised and the attackers were able to collect wiki account credentials.
>>> No other machines in the php.net infrastructure appear
>>> to have been affected. Our biggest concern is, of course, the integrity of
>>> our source code. We did an extensive code audit and looked at every commit
>>> since 5.3.5 to make sure that no stolen accounts were used to inject
>>> anything malicious. Nothing was found. The compromised machine has been
>>> wiped and we are forcing a password change for all svn accounts.
>>>
>>> We are still investigating the details of the attack which combined a
>>> vulnerability in the Wiki software with a Linux root exploit.
>>>
>>
>>
>>
>>> On Fri, Mar 18, 2011 at 8:31 PM, zarul shahrin <
>>> zarulshah...@gmail.com> wrote:

 Hai Guys,
 just a head up, yet another open source project has been compromised and
 probably backdoored, this time is PHP.net. I am still waiting for more
 info on this.
 Best Regards,
 Zarul Shahrin

>>>  --
>> To unsubscribe from and detail about this group
>> 
>> http://portal.mosc.my/osdc-my-mailing-list-information
>>
>> MOSC2011 http://fb.me/mosc2011 and
>> http://portal.mosc.my/
>>
>
>  --
> To unsubscribe from and detail about this group
> 
> http://portal.mosc.my/osdc-my-mailing-list-information
>
> MOSC2011 http://fb.me/mosc2011 and
> http://portal.mosc.my/
>
>  --
> To unsubscribe from and detail about this group
> http://portal.mosc.my/osdc-my-mailing-list-information
>
> MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/
>

-- 
To unsubscribe from and detail about this group 
http://portal.mosc.my/osdc-my-mailing-list-information

MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

2011-03-19 Terurut Topik Ahmad Amran

Kat website php.net dah announce. Cuma wiki server compromise. Takde src code. 
SVN dah check, setakat ni ok. Password dah tukar b

Sent from my phone

On Mar 20, 2011, at 1:37 PM, zarul shahrin  wrote:

> It's always take longer for official announcement. ^_^
> 
> 
> On Sun, Mar 20, 2011 at 1:30 PM, Ghodmode  wrote:
> On Fri, Mar 18, 2011 at 9:02 PM, zarul shahrin  wrote:
> Visual "proof" of PHP.NET server(s) breach:
> http://www.wooyun.org/bugs/wooyun-2010-01635
> 
> PHP.net's own confirmation ( 
> http://www.php.net/archive/2011.php#id2011-03-19-2 ) :
> [19-Mar-2011] The wiki.php.net box was compromised and the attackers were 
> able to collect wiki account credentials. No other machines in the php.net 
> infrastructure appear to have been affected. Our biggest concern is, of 
> course, the integrity of our source code. We did an extensive code audit and 
> looked at every commit since 5.3.5 to make sure that no stolen accounts were 
> used to inject anything malicious. Nothing was found. The compromised machine 
> has been wiped and we are forcing a password change for all svn accounts.
> 
> We are still investigating the details of the attack which combined a 
> vulnerability in the Wiki software with a Linux root exploit.
> 
> 
>  
> On Fri, Mar 18, 2011 at 8:31 PM, zarul shahrin  wrote:
> Hai Guys, 
> just a head up, yet another open source project has been compromised and 
> probably backdoored, this time is PHP.net. I am still waiting for more info 
> on this.
> Best Regards,
> Zarul Shahrin
> -- 
> To unsubscribe from and detail about this group 
> http://portal.mosc.my/osdc-my-mailing-list-information
>  
> MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/
> 
> -- 
> To unsubscribe from and detail about this group 
> http://portal.mosc.my/osdc-my-mailing-list-information
>  
> MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/

-- 
To unsubscribe from and detail about this group 
http://portal.mosc.my/osdc-my-mailing-list-information

MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

2011-03-19 Terurut Topik zarul shahrin

It's always take longer for official announcement. ^_^


On Sun, Mar 20, 2011 at 1:30 PM, Ghodmode  wrote:

> On Fri, Mar 18, 2011 at 9:02 PM, zarul shahrin wrote:
>
>> Visual "proof" of PHP.NET server(s) breach:
>> http://www.wooyun.org/bugs/wooyun-2010-01635
>>
>
> PHP.net's own confirmation (
> http://www.php.net/archive/2011.php#id2011-03-19-2 ) :
>>
>>  *[19-Mar-2011]* The wiki.php.net box was compromised and the attackers
>> were able to collect wiki account credentials. No other machines in the
>> php.net infrastructure appear to have been affected. Our biggest concern
>> is, of course, the integrity of our source code. We did an extensive code
>> audit and looked at every commit since 5.3.5 to make sure that no stolen
>> accounts were used to inject anything malicious. Nothing was found. The
>> compromised machine has been wiped and we are forcing a password change for
>> all svn accounts.
>>
>> We are still investigating the details of the attack which combined a
>> vulnerability in the Wiki software with a Linux root exploit.
>>
>
>
>
>> On Fri, Mar 18, 2011 at 8:31 PM, zarul shahrin wrote:
>>>
>>> Hai Guys,
>>> just a head up, yet another open source project has been compromised and
>>> probably backdoored, this time is PHP.net. I am still waiting for more info
>>> on this.
>>> Best Regards,
>>> Zarul Shahrin
>>>
>>  --
> To unsubscribe from and detail about this group
> http://portal.mosc.my/osdc-my-mailing-list-information
>
> MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/
>

-- 
To unsubscribe from and detail about this group 
http://portal.mosc.my/osdc-my-mailing-list-information

MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

2011-03-19 Terurut Topik Ghodmode

On Fri, Mar 18, 2011 at 9:02 PM, zarul shahrin wrote:

> Visual "proof" of PHP.NET server(s) breach:
> http://www.wooyun.org/bugs/wooyun-2010-01635
>

PHP.net's own confirmation (
http://www.php.net/archive/2011.php#id2011-03-19-2 ) :
>
>  *[19-Mar-2011]* The wiki.php.net box was compromised and the attackers
> were able to collect wiki account credentials. No other machines in the
> php.net infrastructure appear to have been affected. Our biggest concern
> is, of course, the integrity of our source code. We did an extensive code
> audit and looked at every commit since 5.3.5 to make sure that no stolen
> accounts were used to inject anything malicious. Nothing was found. The
> compromised machine has been wiped and we are forcing a password change for
> all svn accounts.
>
> We are still investigating the details of the attack which combined a
> vulnerability in the Wiki software with a Linux root exploit.
>



> On Fri, Mar 18, 2011 at 8:31 PM, zarul shahrin wrote:
>>
>> Hai Guys,
>> just a head up, yet another open source project has been compromised and
>> probably backdoored, this time is PHP.net. I am still waiting for more info
>> on this.
>> Best Regards,
>> Zarul Shahrin
>>
>

-- 
To unsubscribe from and detail about this group 
http://portal.mosc.my/osdc-my-mailing-list-information

MOSC2011 http://fb.me/mosc2011 and http://portal.mosc.my/

[osdcmy] Re: PHP.NET probably compromised , source code backdoored

2011-03-18 Terurut Topik zarul shahrin

Visual "proof" of PHP.NET server(s) breach:
http://www.wooyun.org/bugs/wooyun-2010-01635



On Fri, Mar 18, 2011 at 8:31 PM, zarul shahrin wrote:

> Hai Guys,
>
> just a head up, yet another open source project has been compromised and
> probably backdoored, this time is PHP.net. I am still waiting for more info
> on this.
>
>
> Best Regards,
>
> Zarul Shahrin
>

-- 
To unsubscribe from and detail about this group 
http://portal.mosc.my/osdc-my-mailing-list-information

MOSC2011 http://fb.me/mosc2011

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

Re: [osdcmy] Re: PHP.NET probably compromised , source code backdoored

[osdcmy] Re: PHP.NET probably compromised , source code backdoored

6 matches

Site Navigation

Mail list logo

Footer information