[tags]malicious code, wikipedia, trojan horse,spyware[/tags] Frankly, I am surprised it has taken this long for something like this to happen: Malicious code planted in Wikipedia. The malicious advertisement on MySpace from a while back was a little similar. Heck, there were trojan archives posted on the Usenet binary groups over 20 years ago that also bring this back to mind -- I recall an instance of a file damage program being posted as an anti-virus update in the early 1980s! Basically, anyone seeking “victims” for spyware, trojans, or other nastiness wants effective propagation of code. So, find a high-volume venue that has a trusting and or naive user population, and find a way to embed code there such that others will download it or execute it. Voila! Next up: viruses on YouTube?

[posted with ecto]

Once again, Scott Adams cuts to the heart of the matter. Here's a great explanation of what's what with electronic voting machines. The Dilbert Blog: Electronic Voting Machines

Someone sent the following to me as an example of how to ensure secure passwords Microsoft claims this message is an error. However, I think we all can see this is simply a form of extreme password security of the sort I wrote about in this post.

I decided to not be all self-deprecating as I usually am with things like this, and admit that I'm really happy and proud to say that I was interviewed by Cal Evans for the Zend Developer Zone.

I guess the first question that comes to my mind is "Why did you build this?"
I built it because there was no good way to audit the security settings in your PHP.INI or your PHP environment. The average PHP user I feel is someone who can use an installer to install scripts on their server, get them running and do a little customization or hack up some code but they are not educated developers. These users have no easy way to check how secure their environment is. So I wrote PHPSecInfo to give these uses something easy to run and present the information in a format they are already familiar with.

Read the rest »

 

Also, I uploaded a new build of PHPSecInfo this morning. This version fixes the errant Notices we were getting, makes it easier to extract test data for your own nefarious purposes, and fixes a bug with the curl file protocol test on PHP4. The latter unfortunately just skips the test on PHP4 because I'm not sure how to do the check; suggestions are welcome. Download: http://phpsec.org/projects/phpsecinfo/phpsecinfo.zip Docs: http://phpsec.org/projects/phpsecinfo/docs/ What's new: v0.1.1 - Added PhpSecInfo::getOutput(), PhpSecInfo::loadAndRun() and PhpSecInfo::getResultsAsArray() methods - Modified PhpSecInfo::runTests() to fix undefined offsent notices - Modified PhpSecInfo_Test::setMessageForResult() to fix undefined offset notices - Modified PhpSecInfo_Test_Curl_File_Support to skip if PHP version is

So we finally went public with PHPSecInfo as an official project of the PHP Security Consortium.

• http://phpsec.org/about/news/20oct2006.html
• http://phpsec.org/projects/phpsecinfo/
• http://phpdeveloper.org/news/6543

I just was interviewed by Cal Evans for the Zend Developer Zone, which was pretty cool -- it was nice to talk to him again. He said the story should be posted sometime this weekend or Monday.