PHP.net hacked, but most things are fine again
Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected.
As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.
Update: Parts of the site which use SSL are not accessable for a short time.
Update: All passwords for the site have been reset.
Update: The PHP git repo is now read-only.
More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/
The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu
Random articles
New GitHub repo: simple php-long-polling for creating real-time apps- PHP 5.6 announced, statically typed (!) “new” PHP announced by Facebook devs
Facebook releases HipHop (HHVM) 3.0, adds mysqli and support for Hack language- Wow! Facebook devs have rewritten and fixed PHP, releasing it as new language called “Hack” today
- The first micro framework written in Hack is there: hack-mvc !
Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)
The New Era of JavaScript (28min conference talk, Jack Franklin, 2013)
PayPal drops Java, goes node.js / JavaScript
O’Reilly’s Learning JavaScript Design Patterns by Addy Osmani for free
Wow!