Tales from the wrong end

Marcus Bointon (01.Jul.2017 at 13:30, 45 min)
Talk at Dutch PHP Conference 2017 (English - US)

Rating: 5 of 5

I'm the maintainer of a very popular open-source PHP package - PHPMailer. In December 2016, two critical remote code execution vulnerabilities were found in PHPMailer, affecting potentially tens of millions of sites. There's a lot that goes on behind a CVE number - I'd been involved in reporting some minor security issues in the past, but nothing of this magnitude, and never at the receiving end, so I found myself at the start of a steep learning curve and an emotional roller-coaster. This is the story.


Comments

Rating: 5 of 5

01.Jul.2017 at 14:28 by Coen Dunnink (6 comments) via Web2 LIVE

Nice story about a bug and the implications

Rating: 5 of 5

01.Jul.2017 at 14:31 by Mairsil (36 comments)

Very well presented talk about the various things you may have to deal with with a vuln like this. And a few nice useful pointers too.

Rating: 5 of 5

01.Jul.2017 at 20:06 by Onno Lissenberg (44 comments)

Take my internet points for a job well done :)

Rating: 5 of 5

01.Jul.2017 at 20:48 by Frits van Campen (30 comments) via Web2 LIVE

I was hoping for an edutaining story and you delivered.

Rating: 5 of 5

02.Jul.2017 at 09:00 by Peter lindqvist (4 comments) via Web2 LIVE

Well prepared, well presented talk.

Rating: 5 of 5

02.Jul.2017 at 21:33 by Peter Meijer (14 comments) via Web2 LIVE

One of the best talks at DPC17.

Good build-up of the story and an excellent explanation of what has happened.

Rating: 4 of 5

03.Jul.2017 at 09:18 by Martijn (13 comments) via Web2 LIVE

This was the second talk I attended from Marcus, and it did not disappoint.

The story itself was entertaining; the speaker gave a personal insight into how the discovery of a security issue itself triggered a whole lot of work and investigation into how to solve it.

Hopefully I won't encounter myself in a similar situation :)

Rating: 5 of 5

04.Jul.2017 at 15:13 by Sjoerd Maessen (14 comments) via Web2 LIVE

A very "honest" talk with some interesting points. I liked how you made the talk personal.

© Joind.in 2017