
[atlarge-discuss] RE : [atlarge-discuss] PHP security holes and more to: Re: [atlarge-discuss] RE : [atlarge-discuss] RE : [atlarge-discuss] Forum Usage at dot-org



Dear All,

Please discard this message from our friend Jeff Williams.
He still doesn't know what PHP is.

On our website we are using the latest version of PHP, which
is safe from all known issues. Abel and I have enough technical
and security skills to keep it safe :)

Daniel CHIRITA

>-----Original Message-----
>From: Jeff Williams [mailto:jwkckid1@ix.netcom.com]
>Sent: Thursday, 17 July 2003 15:03
>To: Daniel CHIRITA
>Cc: atlarge-discuss@lists.fitug.de
>Subject: [atlarge-discuss] PHP security holes and more to: Re: 
>[atlarge-discuss] RE : [atlarge-discuss] RE : 
>[atlarge-discuss] Forum Usage at dot-org
>
>
>Daniel and all fellow members,
>
>  You're full of it too!  PHP is garbage from a security
>standpoint and is well known for its various
>security holes.  See: http://www.sans.org/newsletters/sac/vol3_7.php
>and {03.07.003} Cross - Vulnerable PHA applications 02/18 ,  
>http://archives.neohapsis.com/archives/linux/suse/2003-q1/0500.html
>and http://www.sans.org/newsletters/sac/sac2_11.php
>reference
>        {02.11.006} Cross - phpBB2 CGI phpbb_root_path command 
>execution also {02.11.007} Cross - PHPNuke/PostNuke account 
>hijacking *This is a big concern or should be* also, 
>{02.11.009} Cross - PHP Net Toolpack CGI command execution 
>additional reference: 
>http://archives.neohapsis.com/archives/bugtraq/2002-03/0131.html
>and  http://archives.neohapsis.com/archives/bugtraq/2002-03/0176.html
>Fix is at:  http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9105
>also another security hole for  PHP see:  
>http://archives.neohapsis.com/archives/bugtraq/2002-03/0199.html
>
>and again also:
> http://www.sans.org/newsletters/sac/sac2_10.php
>Reference: 
>http://archives.neohapsis.com/archives/linux/conectiva/2002-q1/
>0021.html
>
>
>  So, these are just a few of the many PHP security holes 
>Daniel... Read 'em and weep... s
>
>Daniel CHIRITA wrote:
>
>> Daniel (hey it's my name too! :) )
>>
>> Please don't spend your time trying to explain something
>> to Jeff Williams, he doesn't know what PHP is!
>>
>> Babel fish works great, but it's only an automatic translation, and I
>> think we cannot trust it for the website: static pages (with low
>> changes content) had to be translated 'by hand' (my English is very
>> poor, but I see on the list a lot of people with solid skills) and for
>> forums we can add a link to babelfish system.
>>
>> Daniel CHIRITA
>> Webteam
>>
>> >-----Original Message-----
>> >From: Daniel R. Tobias [mailto:dan@tobias.name]
>> >Sent: Thursday, 17 July 2003 06:04
>> >To: Jeff Williams
>> >Cc: atlarge-discuss@lists.fitug.de
>> >Subject: Re: [atlarge-discuss] RE : [atlarge-discuss] Forum Usage at 
>> >dot-org
>> >
>> >
>> >On 16 Jul 2003 at 22:25, Jeff Williams wrote:
>> >
>> >> As you can clearly see the translation is very inaccurate as I stated.
>> >> Hence as Jeff H, tried to point out using a browser approach is far
>> >> better and much easier.  And php data that the user sees is difficult
>> >> to translate where HTTP is much more exacting...
>> >
>> >Ummm.... the user doesn't see either "php" or "HTTP" data... the user
>> >sees HTML data, and it's irrelevant that it may have been pre-processed
>> >server-side using PHP, and transmitted using the HTTP protocol.
>> >
>> >And, if it has a URL, that can be fed into Babelfish or any other 
>> >translator without regard to whether it happens to end in ".php" or 
>> >not, and that program cares not at all about this.
>> >
>> >
>> >--
>> >== Dan ==
>> >Dan's Mail Format Site: http://mailformat.dan.info/
>> >Dan's Web Tips: http://webtips.dan.info/
>> >Dan's Domain Site: http://domains.dan.info/
>> >
>> >
>> >
>> >---------------------------------------------------------------------
>> >To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
>> >For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
>> >
>> >
>>
>
>Regards,
>
>--
>Jeffrey A. Williams
>Spokesman for INEGroup LLA. - (Over 131k members/stakeholders 
>strong!) "Be precise in the use of words and expect precision 
>from others" -
>    Pierre Abelard 
>===============================================================
>CEO/DIR. Internet Network Eng. SR. Eng. Network data security 
>Information Network Eng. Group. INEG. INC. E-Mail 
>jwkckid1@ix.netcom.com Contact Number: 214-244-4827 or 214-244-3801
>
>
>