Joe Devon's Blog:
How to get your talk accepted, experiences on the advisory board of Semtech & Zend
Sep 08, 2011 @ 09:56:58

Drawing on his time on the ZendCon advisory board for this year's event, Joe Devon has posted a guide to help you get your talks accepted to conferences in the future (both PHP-related and not).

For those who don’t know what an advisory board is, conference organizers get loads of proposals and need help deciding who should speak. So they ask others in the industry to provide some feedback. It was quite a learning experience.

He talks about the "speaker backlash" that comes from being rejected, a lack of professionalism in some submitters, and some basic (common sense) recommendations like:

  • fill out the form completely, even if you don't think it's all useful
  • start locally and then move up. A major conference isn't the place for your first attempt at speaking
  • whet the board's appetite - make them want to hear more about the topic or come up with something new
  • share your unique experience with the technology
  • use sites like Joind.in, Meetup and SlideShare to your advantage

tagged: zencon11 advisory board talk session selection experience accepted

Community News:
Avaya Products PHP Multiple Vulnerabilities
Nov 06, 2007 @ 08:56:00

As mentioned in this new security advisory from Avaya, there's a risk that the PHP version included with their Messaging systems could provide a hole for a would-be attacker to gain access.

Issues have been reported in the following:

  • integer overflow vulnerabilities in the PHP gd extension
  • integer overflow vulnerability in the PHP chunk_split function
  • a security update has introduced a bug into PHP session cookie handling
  • vulnerability in the PHP money_format function
  • vulnerability in the PHP wordwrap function
  • vulnerability in PHP session cookie handling
  • vulnerability in the PHP gc extension

The advisory contains links to more information from Red Hat on these issues and includes a list of affected systems as well as recommended actions to take.

tagged: secunia advisory avaya security messaging

Advisory:
Gentoo Linux PHP Package Upgrade
Oct 08, 2007 @ 09:45:00

The Gentoo Linux group has released a new PHP package for their distribution:

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. [...] There is no known workaround at this time. All PHP users should upgrade to the latest version.

You can get more information on the issues that the new package corrects from the Gentoo advisory and use their emerge package manager to make the upgrade automatically.

tagged: gentoo linux advisory package update vulnerability

Secunia.com:
Fedora update for PHP
Sep 19, 2007 @ 08:58:00

As mentioned in this advisory on the Secunia website (reposted from the original advisory), the Fedora Linux group has posted an update for their PHP package to bring it up to date with the recent PHP 5.2.4 release.

Fedora has issued an update for php. This fixes a weakness and some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users and malicious, local users to bypass certain security restrictions.

You can find the complete list of packages that were updated in their advisory posting and a brief mention of the easiest way for you to update your distribution (yum).

tagged: fedora advisory secunia package yum update

SecurityReason:
Three Advisories for PHP 5.2.4 (dl, iconv_substr & setlocale)
Sep 13, 2007 @ 10:33:00

The SecurityReason website has three new advisories posted concerning the latest release in the PHP 5 series:

The dl() overflow is marked as a medium threat (largely because it allows for arbitrary code execution) but the other two are shown as low threat. A patch is also given for the dl() issue to help correct the problem.

tagged: php5 advisory dl iconv_substr setlocale medium low

Zend:
Zend Technologies and COMMON Create PHP Advisory Group
Jul 18, 2007 @ 13:56:00

In a new press release (as posted on the ITJungle.com website), Zend has announced a collaboration between it and the COMMON Group to create a PHP advisory group:

Just before the July 4th holiday, Jim Dillard, the IBM alliance manager at Zend, and Ron Newman, who is chairman of COMMON's Advocacy Team and president of technology consulting firm Newmark Technologies, sent out a joint appeal via email for people to join the Zend Advisory Group.

The idea behind the group is to get together a bunch of COMMON members and have them provide direct input to Zend so the unique capabilities of the System i platform can be addressed more fully by Zend's products and to help Zend better understand how to interface with and deliver products to midrange customers.

Wondering if you (or your company) are in the group they're looking for? Here are some of the requirements:

  • Are you currently a programmer using the System i?
  • Have you installed Zend Core for i5/OS?
  • Do you have a PHP application running now?
  • Do you understand the process of creating a call to the DB2 database?
  • Can you invoke RPG commands via the PHP toolkit?

If this is you and you'd like to get in on the group, send an email to Ron Newman for more information.

tagged: zend common advisory group i5os os400 platform ibm