Details remain foggy about a recent security breach at the PHP PEAR website, a crucial, but lesser-known part of the PHP ecosystem. More security news Popular WordPress plugin hacked by angry former employee Russia: We’re suing Facebook, Twitter for snubbing law on storing users’ data locally DNC says Russia tried to hack its servers again in November 2018 Smaller, cheaper: How these tiny satellites are spinning off new space data movement PEAR, which stands for “PHP Extension and Application Repository,” is the first package manager that was developed for the PHP scripting language back in the 1990s, and works by allowing developers to load and reuse code for common functions delivered as PHP libraries. While currently most PHP developers have switched to using Composer, a newer third-party package manager, PEAR still remains very popular and is still very widespread because it’s also been included by default with all official PHP binaries for Linux. PHP developers can use the PEAR version that ships with their PHP distribution, but they can also download an updated PEAR (go-pear.phar) version from the PEAR website (which also hosts all PEAR-compatible PHP libraries). However, last week, the PHP PEAR website –located at pear.php.net– was taken down and its homepage replaced with a short message announcing a security breach. According to the message, the PEAR team said they’ve found that the official website had been hosting a “tainted go-pear.phar” file –which is the main PHP PEAR executable. “If you have downloaded this go-pear.phar in the past six… [Read full story]
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.