Santy.E worm poses threat to sites badly coded in PHP

Monday, 27 December 2004, 4:12 PM EST

The latest version of the Santy worm poses an elevated risk to many Web sites built using the PHP scripting language, and protection of those sites may involve individually recoding them, security experts warned over the weekend.

Early versions of the Santy worm exploited a specific bug in a bulletin-board software package called phpBB, and their attacks could be prevented by applying a patch to the software. However, the security flaw exploited by newer versions of the worm such as Santy.C or Santy.E is more general, and can occur anywhere a site designer has left the door open for the inclusion of arbitrary files into PHP scripts.

By Peter Sayer at IT World.

[ Read more ]




Spotlight

Security pros and government failing to collaborate

Posted on 17 April 2014.  |  More effective collaboration between government and the information security industry is crucial to protecting organizations from future cyber threats. More work needs to be done to strengthen government’s position as a source of information on potential threats.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //