Santy.E worm poses threat to sites badly coded in PHP

Monday, 27 December 2004, 4:12 PM EST

The latest version of the Santy worm poses an elevated risk to many Web sites built using the PHP scripting language, and protection of those sites may involve individually recoding them, security experts warned over the weekend.

Early versions of the Santy worm exploited a specific bug in a bulletin-board software package called phpBB, and their attacks could be prevented by applying a patch to the software. However, the security flaw exploited by newer versions of the worm such as Santy.C or Santy.E is more general, and can occur anywhere a site designer has left the door open for the inclusion of arbitrary files into PHP scripts.

By Peter Sayer at IT World.

[ Read more ]




Spotlight

Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Wed, Jul 29th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //