Wednesday, April 18, 2007
The PHP App Insecurity Top 20
I’ve spent some of my down time in the past couple weeks working with the NIST NVD data to get stats on PHP application vulnerabilities. What follows is a breakdown of the 20 PHP-based applications that had the highest aggregate vulnerability scores (NIST assigns a score from 1-10 for the severity of each entry), and the highest total number of vulnerabilities, over the past 12 months. Of the two, I feel that the aggregate score is a better indicator of security issues.
A few caveats:
- The data here covers the period between April 1 2006 and April 1 2007.
- This obviously only includes reported vulnerabilities. There are surely a lot more applications that are very insecure, but for one reason or another haven’t had as many reports.
- I chose 20 as the cutoff mainly for the sake of making the data a little easier to swallow (and chart nicely). There are about 1,800 distinct apps in the NIST NVD that are (as far as I could determine) PHP-based.
Without further ado, here are the tepid Excel charts:
A couple notes:
- There are 25 entries in the top “20” by vulnerability count, due to matching vulnerability counts.
- I’d never even heard of MyBulletinBoard, the top entry in both lists. It hasn’t had any vulnerabilities in the NVD since September of 2006, which says something about how numerous and severe the entries between April and September 2006 were. This appears to be the same product as “MyBB,” so perhaps the situation has improved, as MyBB only has one NVD entry in the entire period (CVE-2007-0544).
- WordPress has had a bad start to 2007, with numerous vulnerabilities that significantly increased its ranking. March 2007 was particularly bad, with 7 new vulnerabilities reported.
- Bulletin board/forum software is by far the most common type of application in the top 20. A couple of forum apps that have very low numbers of vulnerability reports: Vanilla and FUDForum.
I do intend to keep this data up-to-date if people find it interesting, so let me know if you’d like me to do so, or if you’d like to see other types of analysis.
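As an added example (not the author's Excel work), here is the aggregation described above done in Python over constructed NVD-style records with placeholder ids: it sums the severity score and counts entries per product inside the date window, and keeps every product tied at the cutoff, which is how a top "20" by count can end up with 25 entries.

```python
from collections import defaultdict
from datetime import date

# Constructed NVD-style records (placeholder ids, NOT real CVE entries).
# Each record: (entry id, product, published date, NVD severity score 1-10).
ENTRIES = [
    ("EXAMPLE-0001", "forum_a", date(2006, 5, 2), 7.5),
    ("EXAMPLE-0002", "forum_a", date(2006, 6, 11), 7.5),
    ("EXAMPLE-0003", "forum_a", date(2006, 8, 30), 10.0),
    ("EXAMPLE-0004", "blog_b", date(2007, 3, 3), 4.3),
    ("EXAMPLE-0005", "blog_b", date(2007, 3, 9), 6.8),
    ("EXAMPLE-0006", "blog_b", date(2007, 3, 20), 5.0),
    ("EXAMPLE-0007", "cms_c", date(2006, 12, 1), 9.3),
    ("EXAMPLE-0008", "wiki_d", date(2007, 1, 15), 2.6),
    ("EXAMPLE-0009", "wiki_d", date(2007, 2, 1), 2.6),
    ("EXAMPLE-0010", "old_e", date(2005, 11, 5), 10.0),  # outside the window
]

# The 12-month window used in the post: April 1 2006 up to April 1 2007.
WINDOW = (date(2006, 4, 1), date(2007, 4, 1))


def aggregate(entries, start, end):
    """Per product: number of entries and summed severity, for start <= published < end."""
    stats = defaultdict(lambda: {"count": 0, "score": 0.0})
    for _entry_id, product, published, score in entries:
        if start <= published < end:
            stats[product]["count"] += 1
            stats[product]["score"] = round(stats[product]["score"] + score, 1)
    return dict(stats)


def top_n_with_ties(stats, metric, n):
    """Rank products by `metric` (descending, name as tiebreak for a stable order).

    Every product whose value equals the n-th entry's value is kept, so the
    returned list may be longer than n, exactly as in the post's count chart.
    """
    ranked = sorted(stats.items(), key=lambda kv: (-kv[1][metric], kv[0]))
    if len(ranked) <= n:
        return ranked
    cutoff = ranked[n - 1][1][metric]
    return [kv for kv in ranked if kv[1][metric] >= cutoff]


if __name__ == "__main__":
    stats = aggregate(ENTRIES, *WINDOW)
    for product, s in top_n_with_ties(stats, "score", 3):
        print(f"{product:10} score={s['score']:5.1f} count={s['count']}")
```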
Monday, April 16, 2007
And some perspective
A close friend of mine lost his mom this weekend. I bet he would have given a lot more than what I lost, just to be with her for a little while longer.
It’s just money.
Poop poop poop!!!
So about a month and a half ago I turned on the ancient water softener in our basement, because we had tons of calcium deposits on our dishes. I believe I had run it for a while when we first moved in, but gave up after a bit because I thought it wasn’t worth the trouble of handling the salt and such.
This morning, a guy from the water dept came to my door. He was checking to see if the meter was messed up, or if we had a leak.
Uh-oh.
I turned off the softener. The meter stopped spinning. That was “the leak.” I guess it just never shut itself off, so it was constantly running water through itself. I actually noticed it seemed to run a lot, but I’m a total novice with this shit, and assumed it was okay.
So I called the utility office, because I was concerned about what the bill might be. For good reason.
Apparently, in the month of March, we had used 115,000 gallons of water.
That will be $683, please.
And of course, since I didn’t turn it off until the middle of March, I’d expect another half that much to get tacked on for April. That should kick us up over $1000.
Coulda bought a new softener for that, and done other improvements we need.
They’ll spread it over 6 months, which is nice. I could pay it all now, but it wouldn’t be easy.
I know, I know, it’s just money, but… dammit. I was hoping we were getting ahead. And now something stupid I did cost us a whole chunk of change.
frown
Sunday, April 15, 2007
Griffin Rocks!

Lazy day at home, with my sweetie at work and Griffin at his Mom’s place, so I decided to edit together a little bit of footage I took of him the other day in iMovie. Some corny effects, no doubt, but I thought it turned out pretty cool. 8)