Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
From: Kevin Waterson <kevin@xxxxxxxxxxx>
Date: Wed, 22 Feb 2006 21:48:55 +1100
In-reply-to: <43FA2508.7030008@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Oceania
References: <43F7A252.2040307@xxxxxxxxxxxx> <Pine.LNX.4.61.0602201749300.22544@xxxxxxxxxxxxxxxx> <43FA2508.7030008@xxxxxxxxxxxx>

This one time, at band camp, Gadi Evron <ge@xxxxxxxxxxxx> wrote:
 

> 3. Staying on top of new PHP vulnerabilities has become impossible, 
> popping around everywhere.

What vulnerabilities in PHP?
Are implying the fault is within the language itself?
This is akin to saying C has vulnerabilites because some script kiddie
wrote a poor application.

> 
> 4. Determining how secure a PHP application is, looking at the code and 
> for how silly past vulnerabilities were (i.e. looking at the coder 
> rather than the code) is now more important than the actual application.

As with all web based technologies, security should be the foundation of the 
application

> Much like their self criticism said, PHP needs to grow to a far more 
> secure language, much like we need to chose more carefully what PHP 
> software we use.
Which self critism is this?

> 
> Some of us have been joking for a while about creating a script to 
> choose from different paragraph we create, and email bugtraq 
> re-assembling the randomly with a new PHP bug and a random PHP 
> application name every few hours. Would any of us be able to readily 
> tell the difference?

Perhaps we can do the same for linux kernel problems and blame it on C?

Kind regards
Kevin


-- 
"Democracy is two wolves and a lamb voting on what to have for lunch. 
Liberty is a well-armed lamb contesting the vote."

Follow-Ups:
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
  - From: Matthew Schiros
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
  - From: Jamie Riden

References:
- new linux malware
  - From: Gadi Evron
- Re: new linux malware
  - From: Christine Kronberg
- PHP as a secure language? PHP worms? [was: Re: new linux malware]
  - From: Gadi Evron

Prev by Date: Re: Quarantine your infected users spreading malware
Next by Date: The Domain Name Service as an IDS
Previous by thread: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
Next by thread: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
Index(es):
- Date
- Thread