Someone just tried to add a security backdoor in the PHP language
PHP has immediately moved their development to GitHub
Two malicious changes were made to the development branch of the upcoming PHP v8.1 in an attempt to add a backdoor to any website that runs this tainted version of the popular web development language.
While the objectionable code was caught and removed within a few hours, given the fact that PHP powers almost 80% of all websites on the Internet, the PHP developers have made some key infrastructural changes while they investigate the incident.
“While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server,” shared PHP maintainer Nikita Popov.
Ramping up security
The threat actors made the two code changes in the name of Popov and PHP co-author Rasmus Lerdorf.
Both the changes were innocently captioned to reflect that they fixed typos in the code. Since all changes go through a mandatory post-commit code review, the true intentions of the malicious changes were soon unraveled.
The threat actors must have assumed that using the name of senior PHP developers wouldn’t subject the changes to a detailed examination, especially for something as trivial as a typo fix. Their scheme fell apart though when a PHP developer pinged Lerdorf to explain the intention of the code that was committed in his name.
Popov added that while the developers aren’t sure what exactly allowed the threat actors to make the modifications, prima facie evidence points to a compromise of PHP’s git server, rather than a compromise of an individual git account.
This is why, even while the developers are investigating the attack, they’ve moved PHP development to GitHub, which puts a great onus on security.
Popov rounds up by sharing that the developers are reviewing the repositories for any corruption beyond the two changes that have been caught.
Via: BleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.