Heine Mon, 2013/02/18 - 12:59
Heine Thu, 2012/11/29 - 19:24
If you get bogus dates back from MSSQL, make sure PHP is compiled against the FreeTDS libary that's currently in use. If not, recompile PHP.
Heine Wed, 2012/10/24 - 11:24
SA-CORE-2012-003 fixes an issue in the Drupal installer that enables an attacker to cause the site to use a different attacker-controlled database.
The installer vulnerability was found while preparing my DrupalJam presentation (NL) on security audits and reported via the (awesome!) SecuriTeam Secure Disclosure program. As promised on IRC & Reddit, here's some additional information on the root cause(s).
Heine Mon, 2012/06/11 - 10:31
The security landscape is changing. There's been on and off talk about bounties for security vulnerabilities and some firms already buy vulnerabilities (SecuriTeam, ZDI). This also causes me to re-evaluate the value of a vulnerability.
Suppose I've recently found an arbitrary code execution vulnerability that could very likely be exploited on a large fraction of 400K+ Drupal sites.
What do you think I should do with it?
For the comments: What's your opinion on a security vulnerability bounty program?
Update: I've reported the vulnerability via SecuriTeam. It has been fixed with the release of Drupal 7.16. See SA-CORE-2012-003 for details.
Heine Fri, 2012/03/09 - 11:06
Heine Sat, 2012/02/25 - 21:12
De Opinie in de Arts & Auto (Feb 2012) —een uitgave van de Vereniging voor Arts, Kwakzalver & Auto (VvAA)— verwijst naar een publicatie van Dewey over het homeopatisch behandelen van Influenza in 1918.
Na enig speurwerk heb ik een kopie gevonden en bijgevoegd voor geïnteresseerden.