[nycphp-talk] Tricks with __FILE__?

Chris Bielanski Cbielanski at inta.org
Fri Jul 16 13:05:59 EDT 2004


> debug_backtrace()
> 
> -adam

More groovy than an old LP... ;)

Thanks,
Chris Bielanski
Web Programmer, 
International Trademark Association,
1133 Avenue of the Americas, 33rd Floor
New York, NY 10036
+1 (212) 642-1745, f: +1 (212) 768-7796
mailto:cbielanski at inta.org, www.inta.org  
INTA -- 125 Years of Excellence


[nycphp-talk] Basic security question

Hans Zaunere hans not junk at nyphp.com
Sat Jul 17 01:09:12 EDT 2004


> Every attack whether web or otherwise I have heard about starts with
> learning as much as you can about the target's systems, then seeking
> to exploit some either known or unknown security holes in the software
> that system is running.

Yes and no...

If the attacker is going after attacking the *host* then this is true.
However, most web attacks are at a different level, and thus not
specific to any one platform - ie. XSS.

While certainly related, host and web security are in different playing
fields.  If someone is trying to crack the box, then you better be sure
you turned off all the legacy UNIX ports, have the most updated patches
to Apache/sendmail/etc.  If someone is trying to work over your web
application, then it's strictly the application.

> Knowing that, why reveal anything? Make the potential attacker work
> for every piece of information they want. Set the apache server string
> to claim it is some recent release of IIS, tell all the services not
> to advertise they are running, save your .php files as .exe and tell
> apache just to interpret appropriately. etc. Obviously if you choose to
> run some off the shelf application (ie phpBB) you will let the cat out
> of the bag, but separating it to a subdomain may only add to the
> confusion.
>
> Does anyone see any real advantage to this approach?

Personally, I don't.  Plain and simple, it's so easy to determine your
platform just by looking at the TCP/IP packets (called OS
fingerprinting).  Besides that, there are so many ways a box leaks its
identity (apache/smtp/ftp/ssh/etc) that unless all of these are obscured
(which is quite tedious) you're only adding more work for yourself, and
possibly preventing legit identification.

Furthermore, most exploits don't lie in the platform or language used.
Again, since we're talking web application security, the problem lies in
the application itself.  If it's an off the shelf app as you point out,
there's nothing that can be done.  And if it's a custom app, the attacks
people use are frankly cross platform anyway.

Once again, since we're talking web security for the most part, attacks
are at a different level - and independent - of what platform is used,
assuming you're not ignoring relevant patches.

An XSS hole?  SQL injection?  Session hijacking?  Does it really matter
what platform is in use?

I proudly run .php extensions, default error messages, and the
X-Powered-By: PHP   HTTP header.

H
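
The point made in the message above, that XSS and SQL injection sit in the application rather than the platform, shown as an added example (not part of the original post or thread): one PHP handler before and after the fix, where neither form depends on the Server string or the file extension. Function names and sample rows are constructed; it assumes PHP 7.4+ with pdo_sqlite.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (author TEXT, body TEXT)');
$ins = $db->prepare('INSERT INTO posts (author, body) VALUES (?, ?)');
foreach ([["O'Brien", 'Tips & tricks for <form> handling'], ['alice', 'hello']] as $row) {
    $ins->execute($row);
}

// "Before": request data is pasted into the SQL text and echoed into HTML as-is.
// Hypothetical function name; it behaves the same behind Apache, IIS or on the CLI.
function render_posts_unsafe(PDO $db, string $author): string
{
    $rows = $db->query("SELECT body FROM posts WHERE author = '$author'");
    $html = "<h1>Posts by $author</h1>";
    foreach ($rows->fetchAll(PDO::FETCH_COLUMN) as $body) {
        $html .= "<p>$body</p>";
    }
    return $html;
}

// "After": the value travels as a bound parameter and is encoded for HTML output.
function render_posts_safe(PDO $db, string $author): string
{
    $enc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $stmt = $db->prepare('SELECT body FROM posts WHERE author = ?');
    $stmt->execute([$author]);
    $html = '<h1>Posts by ' . $enc($author) . '</h1>';
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $body) {
        $html .= '<p>' . $enc($body) . '</p>';
    }
    return $html;
}

// An ordinary surname with an apostrophe is enough to show the difference.
foreach (['alice', "O'Brien"] as $author) {
    try {
        echo 'unsafe: ', render_posts_unsafe($db, $author), PHP_EOL;
    } catch (PDOException $e) {
        echo "unsafe: query broke on input \"$author\": the quote changed the SQL text", PHP_EOL;
    }
    echo 'safe:   ', render_posts_safe($db, $author), PHP_EOL;
}
```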


[nycphp-talk] PHP-related book comments

Hans Zaunere hans not junk at nyphp.com
Sat Jul 17 01:15:31 EDT 2004


> oh.. so that's how that happens... it annoys me, too, as I like to have
> nicely formatted html (even tho it doesn't affect the output)

Well amen... I've lobbied for this for years, both on the bug report
system and to PHP's developers' faces, but to no avail.

And if you think it's annoying when dealing with HTML, try writing a CLI
script that runs on the console!

I say we get a petition going around to fix this :)  (fairly simple fix
from what Ilia and Derick said to me once).

H




