The concept of doing network scanning via JavaScript is hardly new and is quite easy for anyone with even cursory knowledge of JavaScript. However, the assumption was that as long as you browse the web with JavaScript disabled you are safe from hostile sites scanning your network. Alas, this was not to be: in a very interesting post Jeremiah Grossman shows how this can be done with plain HTML, using no JavaScript whatsoever.
His methodology relies on a Firefox quirk, whereby page loading waits for the link tag to be processed before rendering the rest of the page. This means you could use the link tag to reference local IPs and use a subsequent image to measure how long it took for the IP to respond. If the response was very quick, then you know the host has something listening on the given port; if it was not, then the port is being blocked or filtered.
The problem with his approach is that to scan an entire network would be rather slow and require multiple iframes to perform th...
There was a very interesting article posted on the Securiteam blog which talks about anonymizing code injection attacks. The approach is quite simple and yet rather ingenious: simply submit to Google the vulnerable application URL with the attack payload passed via the GET parameters. Within a short period of time Googlebot will dutifully try to index the URL, effectively executing the attack. Stefan had also explored this issue on his blog with some examples showing how to ensure more rapid indexing, so you wouldn't have to wait weeks for the exploit to be triggered.
However, everybody seemed to have focused on Google, which may be a bit unfair to them since other search engines suffer from the same kind of problem. For example, if we take MSN (Microsoft's Search) and run the "inurl:cmd.gif" query that the SecuriTeam folks used to test Google, we find a fair number of results. This tells us that hackers believe in equal opportunity and use MSN as much as Google to propagate their attacks.
But there are...
Damien is continuing his very handy phpinfo() research work, this time focusing on the popularity of the different PHP extensions people utilize with PHP and some interesting configuration directives such as disable_functions. You can find the graphs and summaries here and here.
A very interesting read to anyone writing or considering writing distributable applications that need to work in different PHP environments.
After an extremely long (IMO) release cycle, the final version of PHP 5.2.0 was finally released yesterday morning. There are many new features, speed improvements and a fair number of security changes. You can read the official release announcement for a quick summary of the major changes; the specifics can be found in a very long and somewhat boring to read changelog ;-)
The bottom line is that all users of PHP 5.x should definitely upgrade, and 4.x users need to seriously start thinking about migrating as well, since we've finally got a 5 release that not only is feature complete but is also faster or, at the minimum, performs at the same speed as PHP 4.4.
Big thanks to all the contributors who made patches, reported bugs and ran tests to hopefully make a solid release.
The slides for the Caching Systems talk are now available online, they can be downloaded here.