I read today in the November 15th issue of Software Development Times that buffer overflows are no longer the most common update security problem reported by CVE (cve.mitre.org). The three most common types of security vulnerabilities in 2005 were cross-site scripting, SQL injection and buffer overflows. So far in 2005, buffer overflows have lost the #3 place to PHP remote includes. The good news is that Perl has long had ...
This week the Perl community lost one of its long time contributors, Nick Ing-Simmons, who died of a heart attack on Monday September 25th 2006. Nick joined the Perl community in the early days of Perl 5. He consistently contributed to the perl5-porters mailing list and later became pumpkin for 5.003_02 where he added the initial implementation of the PerlIO layer. Nick is probably best known for his work on ...
Mark Stosberg wrote a great article on perlmonks called "Take Back Your Modules" about the responsibilities module users have for the modules they use. ...
John Wang has a great blog entry titled Perl 5 Powering Web 2.0 that points at all the web apps out there that are done in good ol' Perl 5. You don't have to have Rails to do amazing things with the web. You want frameworks, we got frameworks! ...
The Chicago Perl Mongers and The Perl Foundation are proud to announce the Fall 2006 Chicago Hackathon, the weekend of November 10-12, 2006 in suburban Crystal Lake, IL. It will be a round-the-clock weekend of programming on Perl-related projects with your colleagues in the open source community. Dozens of programmers from the open source community in the midwest, as well as others from around the US, will be getting together ...
Over the past several years, one key aspect of the migration plan to Perl 6 has been the Ponie project, a fusion of the Perl 5 runtime with Parrot. Sponsored by Fotango, Artur Bergman and Nicholas Clark did a heroic job cleaning up Perl's internals to make it possible to replace some components of Perl 5 with Parrot, one piece at a time, while still keeping the core of the ...
The Perl community has released a fix to the sprintf function that was recently discovered to have a buffer overflow in very specific cases. All Perl users should consider updating immediately. Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on ...
The Perl community has updated the core module Sys::Syslog to help alleviate a security hole in the Webmin web administration package. All Webmin users should update immediately to the updated version of Sys::Syslog. Dyad Security released a security advisory explaining how arbitrary, untrusted data can get passed by Webmin into Perl's Sys::Syslog module as a sprintf format string. This allows an attacker to create arbitrarily large strings, overwhelming server resources ...