PHP’s Git Server Hacked To Add Backdoors To PHP Source Code

dotancohen writes: Late Sunday night, on March 28, 2021, Nikita Popov, a core PHP committer, released a statement indicating that two malicious commits had been pushed to the php-src Git repository. These commits were pushed to create a backdoor that would have effectively allowed attackers to achieve remote code execution through PHP and an HTTP header. “The incident is alarming considering PHP remains the server-side programming language to power over 79% of the websites on the Internet,” adds BleepingComputer.

“In the malicious commits [1, 2] the attackers published a mysterious change upstream, ‘fix typo’ under the pretense this was a minor typographical correction. However, taking a look at the added line 370 where zend_eval_string function is called, the code actually plants a backdoor for obtaining easy Remote Code Execution (RCE) on a website running this hijacked version of PHP.”

According to Popov, the first commit was detected a couple hours


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/d9Hr-PKq3Dw/phps-git-server-hacked-to-add-backdoors-to-php-source-code

Original article

Hackers backdoor PHP source code after breaching internal git server

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said.

Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice. The malicious commits gave that code-injection capability to visitors who had the word “zerodium” in an HTTP header.

PHP.net hacked, code backdoored

The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov. “We don’t yet know how exactly this happened, but everything points toward a compromise of the git.php.net server (rather than a compromise of an individual git account),”


Original URL: https://arstechnica.com/?p=1752909

Original article

OpenAI’s Text-Generating System GPT-3 is Now Spewing Out 4.5 Billion Words a Day

One of the biggest trends in machine learning right now is text generation. AI systems learn by absorbing billions of words scraped from the internet and generate text in response to a variety of prompts. It sounds simple, but these machines can be put to a wide array of tasks — from creating fiction, to writing bad code, to letting you chat with historical figures. From a report: The best-known AI text-generator is OpenAI’s GPT-3, which the company recently announced is now being used in more than 300 different apps, by “tens of thousands” of developers, and producing 4.5 billion words per day. That’s a lot of robot verbiage. This may be an arbitrary milestone for OpenAI to celebrate, but it’s also a useful indicator of the growing scale, impact, and commercial potential of AI text generation. OpenAI started life as a nonprofit, but for the last few years, it


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/UQRloH4wUCY/openais-text-generating-system-gpt-3-is-now-spewing-out-45-billion-words-a-day

Original article
