PHP Session IDs Can Be Guessed

Author: Donald Sears

March 30, 2010 7:02 pm

Security expert Andreas Bogk warns that, despite recent PHP
improvements, the session IDs of users who are logged into PHP
applications remain guessable. Upon close examination, the alleged
improvements display frightening weaknesses. Read the full article. [The H Security]

Critical Vulnerability Patched in Roundcube Webmail

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.

Researchers Call for Ban on PHP SuperGlobal Variables

Researchers urge developers to ban PHP SuperGlobal variables in applications. These variables are wide open to remote code execution, remote file inclusion and security bypasses.

Flawed EMV Chip-and-PIN Protocol Paves Way To Fraudulent ATM and POS Transactions

A flaw in the EMV protocol which lays out the rules for chip-and-PIN card transactions at ATMs and point-of-sale terminals could enable persistent attackers to carry out bogus card transactions.

PHP Session IDs Can Be Guessed

Suggested articles

Critical Vulnerability Patched in Roundcube Webmail

Researchers Call for Ban on PHP SuperGlobal Variables

Flawed EMV Chip-and-PIN Protocol Paves Way To Fraudulent ATM and POS Transactions

InfoSec Insider

Securing Your Move to the Hybrid Cloud

Why Physical Security Maintenance Should Never Be an Afterthought

Conti’s Reign of Chaos: Costa Rica in the Crosshairs

How War Impacts Cyber Insurance

Rethinking Vulnerability Management in a Heightened Threat Landscape

Topics

Authors

Threatpost

InfoSec Insider

Topics

Authors

Threatpost

Infosec Insider Post

Sponsored Content