Author Archive

Patch in PHP 5.2.3 ineffective

June 7th, 2007

PHP version 5.2.3, released at the beginning of the month, purported to eliminate a security vulnerability in the chunk_split() function, which splits strings into user-defined substrings. However, according to Stefan Esser, PHP security specialist and co-initiator of the Month of PHP Bugs, this is not the case. According to Esser, the original fix not only failed to work but was more or less nonsense, since it merely moved the fundamental problem, an integer overflow, to another line of the source code. An additional fix has now been developed that is supposed to finally eliminate the bug; so far, however, it has officially appeared only in the PHP CVS repository.

Categories: Random Security, Webappsec

Carson City robbed by key loggers

May 29th, 2007

The illegal transfer of almost US$450k out of the municipal funds of Carson City, Nevada, using credentials stolen by keystroke logging, was thwarted last week only after US$45k had been lost. Apparently the thieves targeted the personal computer of municipal Treasurer Karen Avilla and thereby obtained critical passwords, which they used to divert funds by electronic transfer.

Categories: Random Security