[thelist] RE: PHP 'proof of concept' virus developed

Seb Barre sebastien at oven.com
Tue Jan 9 17:52:26 CST 2001


At 12:24 PM 1/9/2001 -0800, Erika Meyer wrote:
>I'm curious as to what the meaning of all this is.  Is this virus somehow 
>different than a virus created in another scripting language?  I don't 
>really understand why it's called a "hypertext" virus, or what a 
>"hypertext preprocessor" is for that matter.
>
>It's of interest to me, because I am wanting to learn more about PHP... 
>but I want to make sure this kind of thing doesn't start to scare users 
>away from PHP enabled sites.  You know how people were (and some still 
>are) freaky about JavaScript (I still can't figure out why people were 
>afraid of JavaScript...)

I find it amusing (and discrediting) that the article trails off into a 
sales pitch for said whistle-blower's anti-virus product..

I think they're making a mountain out of a molehill, to drum up knee-jerk 
sales for their product.  If I were really cynical I would even suggest 
they commissioned someone to write it for them so they could "find" it.

There is nothing new about what they're reporting, other than the fact that 
the "virus" is in PHP.  If you run something on your machine that is 
compiled, no matter _what_ language it's written in, make sure you trust 
the author or the site you got it from.  Better yet, if available (yay open 
source), review the source code yourself (or pay someone else to do it).

Otherwise you can't complain when it nukes your drive or sends your banking 
info off to a server in Russia or Bangladesh.

Experienced jumpers pack their own parachutes for the same reason 
experienced developers write their own code.  ;-)



--- -- -
Seb Barre - seb at oven.com
OVEN Digital Toronto
Work  : 416-595-9750 x 222
Mobile: 416-254-5078
http://www.oven.com/





More information about the thelist mailing list