PHP 5.3.29 is available, PHP 5.3 reaching end of life
The PHP development team announces the immediate availability of PHP 5.3.29. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively.
PHP 5.3.29 contains about 25 potentially security related fixes backported from PHP 5.4 and 5.5.
For source downloads of PHP 5.3.29, please visit our downloads page. Windows binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
For helping your migration to newer versions please refer to our migration guides for updates from PHP 5.3 to 5.4 and from PHP 5.4 to 5.5.
http://php.net/
Threats to virtual environments
In the past few years the virtualization concept becomes very popular. A new study by Symantec [1] discussed the threats to the virtual environment and suggests the best practice to minimize the risk.
The study show the new security challenges with the virtual environment, threats such as that the network traffic may not be monitored by services such as IDS or DLP. Â Â Â
The paper covers how malware behave in virtual environment . One example of malware that target virtual machines is W32.Crisis .This malware doesnâ??t exploit any specific vulnerability , basically it take the advantage of how the virtual machines are stored in the host system. Virtual machine is stored as a set of files on the storage and it can be manipulated or mounted by free tools.
The study address using VMs as a system for malicious code analysis, for example in some cases when a malicious code detects thatâ??s its running in a virtual machine it will send a false data such as trying to connect to C&C with wrong IP. Â The study show that the number of malware that detect Vmware has been increased in the past couple years. For more reliable results the study suggests that security researcher should use physical hardware in controlled network instead of virtual machines. Â
In the last section of the paper it suggest the best practice to secure the virtual environment.
1 http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/threats_to_virtual_environments.pdf
Comments