PHP.net hacked, but most things are fine again
Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected.
As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.
Update: Parts of the site which use SSL are not accessable for a short time.
Update: All passwords for the site have been reset.
Update: The PHP git repo is now read-only.
More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/
The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu
Random articles
The first micro framework written in Hack is there: hack-mvc !- Facebook releases HipHop (HHVM) 3.0, adds mysqli and support for Hack language
- Wow! Facebook devs have rewritten and fixed PHP, releasing it as new language called “Hack” today
PHP 5.6 announced, statically typed (!) “new” PHP announced by Facebook devs- New GitHub repo: simple php-long-polling for creating real-time apps
PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)
What’s new in PHPStorm 9
Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)
Experimenting with HHVM at Etsy (Link)
Wow!