Friday, December 6, 2013

More PHP security mayhem

The theme of this article in eWeek follows on from my earlier post about the trouble of securing the "computers" we forget about such as routers, etc. Earlier versions of PHP have a severe security risk, effectively allowing an attacker to run unauthorised commands, install malware etc on servers running PHP scripts. This issue gets severely compounded when we have a plethora of connected devices running PHP (needlessly IMO) with no clear system or mechanism for applying security patches to them ("when did you last upgrade your router's firmware?").

No comments: