The backdooring of SquirrelMail. A SquirrelMail developer’s account was compromised and used to insert a backdoor: the other developers initially missed the hole because it used $_SERVER[’HTTP_BASE_PATH’], which can be set with a Base-Path: HTTP header.
Recent articles
- Exploring Promptfoo via Dave Guarino's SNAP evals - 24th April 2025
- AI assisted search-based research actually works now - 21st April 2025
- Maybe Meta's Llama claims to be open source because of the EU AI act - 19th April 2025