PHP source code compromised?

Source: http://barracudalabs.com/2013/10/php-net-compromise/ 

It was announced that the PHP website was hacked and was serving malware. If the attackers had access to the project's internal servers, can we trust the PHP source code anymore?

So far, the PHP Group has been unable to determine the cause of the infection on two of its servers. According to its reports, the group has recreated the web servers, revoked the PHP SSL certificate, and is reissuing it in case the private key was compromised.

According to Rasmus Lerdorf, PHP creator, “Not much to say about the effect on end users who visited the site during that time because the windows where the changed file was actually being served were really small and our focus has been on establishing the integrity of the PHP source code we distribute…” (http://www.infoworld.com/d/security/phpnet-compromised-and-used-attack-visitors-229531)

From a security perspective, it sounds like the source code is their priority, but they can’t tell us whether it has been compromised. This does not leave much room for comfort about the integrity of the source code at the moment. We will continue to monitor this closely. Considering over 85%* of the web is run using PHP, this could be a serious blow to open source developers and their level of security.

Other references: http://arstechnica.com/security/2013/10/hackers-compromise-official-php-website-infect-visitors-with-malware/

*http://w3techs.com/technologies/overview/programming_language/all

See an update on who was affected by the attack.