Free Republic

A remotely exploitable vulnerability in web application code, first discovered 15 years ago, has returned to haunt server admins who are being urged to take action immediately to avoid being hit. Researchers from New Zealand point of sale software company Vend, Dominic Scheirlink, Richard Rowe, Morgan Pyne and Scott Geary, worked with Red Hat product security staffer Kurt Seifried to document the flaw, which they have nicknamed Httpoxy. On vulnerable applications, the Httpoxy flaw is easily exploitable, the researchers said. Attackers can proxy outgoing HTTP requests and direct the server to open outwards connections to arbitrary IP addresses and transport...

Remember Heartbleed? Well, this is probably worse. Here's a (somewhat simplified) explanation of what Shellshock actually is. Don't worry: I haven't included instructions on how to actually exploit it. The moral of the story is: keep your security patches up to date!

Or, learn to code the next Facebookâ„¢ in your spare time. Really for true about the Facebookâ„¢ part. It was initially written using this technology so that should give you some idea what is possible if you master this idiom. Admittedly, it doesn't scale to 800 million users, but it is pretty serviceable for most people and it's free. Learning to program earns you power. Steadily all of the machines around us are morphing into computers surrounded by hardware that mediates the processor's interaction with the physical world. To change the behavior of any given machine all you need...

My web design business (sole proprietorship) has grown to the point where I must start subcontracting parts of my projects and focusing my attention on promotion, customer relations, and management. Does anyone have experience in putting web related work out for bid? Any good advice is appreciated.

Why PHP apps accounted for 43% of security issues in 2006PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web. PHP became one of my favorite languages because of how quickly one can write a highly functional, standards-based web application with a database back-end. Unfortunately, attackers are taking these applications down even faster than they appear. I'm sure I'll receive my share of flames under this...

November 27, 2004 THE SATURDAY PROFILE The Fear Born of a Much Too Personal Look at Jihad By RICHARD BERNSTEIN BREMEN, Germany THE first thing to know about the woman known widely here as Doris Glück is that Doris Glück is not her real name. She won't tell you her given name, or even her official new name - provided by the German police - beyond the first name and initial, Regina S. She won't say where she lives, either, and when she meets you at the railroad station in Bremen, she is clearly anxious to get away quickly lest...

The LAMP (Linux, Apache, MySQL, PHP/Perl) software stack is emerging as a popular and cost-effective Web development platform. This is understandable given that it comprises a free operating system, Web server, database, and scripting language. However, a problem with having a number of separate open source components is integration. The XAMPP project aims to eliminate this problem. With XAMPP, there is no reason for developers to skip over an open source solution when considering Web development platforms. The XAMPP download includes more than just Apache, MySQL, PHP, and Perl. It also includes a number of related open source packages. Included...

I would like to start a forum for Republican WebMasters. On my site, http://www.electgop.net, I use PHP and mySQL database. (like ASP and MS SQL Server, only Free) This enables rapid development of database driven web sites that can send email as well as collect information from online forms. I will mentor aggressive Republican Webmasters, who would truly help to get the Right information out to voters. Ken Weide, WebMaster http://www.electgop.net DFW (Dallas/Fort Worth), Texas

PHP Scripting flaw threatens Web servers A flaw found in newer versions of the PHP Web server scripting language could allow attackers to crash, and in some cases control, computers over the Internet, an open-source developer group announced Monday. The vulnerability affects versions 4.2.0 and 4.2.1 of PHP, according to the PHP Group. The flaw compromises different computer architectures in different ways: Web servers running on Intel IA-32 hardware could crash, while other systems, including Sun Microsystems' Solaris, could allow the attacker to infiltrate the computer. The flaw occurs because of a problem in the way PHP handles the memory...