Tech

Hackers backdoor PHP source code after breaching internal git server

Posted on Author admin Comments Off on Hackers backdoor PHP source code after breaching internal git server
A cartoon door leads to a wall of computer code.

Enlarge (credit: BeeBright / Getty Images / iStockphoto)

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said.

Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice. The malicious commits here and here gave the code the code-injection capability to visitors who had the word “zerodium” in an HTTP header.

PHP.net hacked, code backdoored

The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov. “We don’t yet know how exactly this happened, but everything points toward a compromise of the git.php.net server (rather than a compromise of an individual git account),” Popov wrote in a notice published on Sunday night.

Read 12 remaining paragraphs | Comments

Related Articles
Tech

Microsoft is (finally) killing off Internet Explorer entirely

Posted on Author admin

Enlarge / You don’t need Internet Explorer to view any of these websites—which, unfortunately, doesn’t stop your users from trying it anyway. (credit: TimZillion / Getty Images) If you’re one of the 10 people on the planet who absolutely loves Microsoft’s venerable Internet Explorer browser, you’d better spend quality time with it while you can—Microsoft is […]
Tech

Hackers steal Mimecast certificate used to encrypt customers’ M365 traffic

Posted on Author admin

Enlarge (credit: Getty Images) Email management provider Mimecast said that hackers have compromised a digital certificate it issued and used it to target select customers who use it to encrypt data they sent and received through the company’s cloud-based service. In a post published on Tuesday, the company said that the certificate was used by […]
Tech

Popular software development tool Docker gets Apple M1 support

Posted on Author admin

Enlarge / Docker running on a Mac. (credit: Docker) Docker, a popular multi-platform application used by software developers, has released a version that runs natively on Apple Silicon hardware, including Macs released with Apple’s custom-designed M1 chip. The M1 chip uses the ARM instruction set and cannot natively run software that was designed to run […]