Zoneminder developers - need to consider this....

alabamatoy
Posts: 349
Joined: Sun Jun 05, 2016 2:53 pm

Zoneminder developers - need to consider this....

Post by alabamatoy »

I struggle to understand how Git works, but obviously it can be misused.... I hope Zoneminder devs maintain close control over changes being submitted. The following is from SANS NewsBites:
==========================

PHP Code Repository Compromised
(March 29, 2021)

The PHP Git server was breached on Sunday, March 28. Malicious commits were added to the PHP-SRC repository in the names of PHP developer and maintainer Nikita Popov and PHP creator Rasmus Lerdorf. The fraudulent commits pretended to be typographical errors that needed correcting; they were detected before entering production. PHP maintainers are moving the code base to GitHub.

Editor's Note

[Ullrich]
In my opinion, the malicious commits were meant to be found and are more a "proof of concept" vs an actual attempt to inject a backdoor. I hope the PHP team will investigate thoroughly to identify the root cause of the breach. There is always a chance of a better-hidden backdoor left in addition to the two malicious commits identified so far.

If you are using git, either self-hosted or via GitHub: (1) ensure you are using strong multi-factor authentication or keys to identify developers, (2) use signed commits to make it more difficult to impersonate developers.

Luckily, it looks like the intrusion was identified quickly enough and no current release of PHP was affected. As a PHP user, there is nothing you need to do at this point.

[Neely]
The existing processes were able to detect the unauthorized updates and triggered a security review. The risks of insourcing public-facing services versus using a hosted solution have changed, particularly with tight margins and a fast-changing security landscape. Service providers such as GitHub have learned how to secure their offering. Note that that does not alleviate your responsibilities to configure and secure your repositories as well. See GitHub's nine best security practices (https://resources.github.com)

Read more in:
- threatpost.com: PHP Infiltrated with Backdoor Malware
- www.zdnet.com: Official PHP Git server targeted in attempt to bury malware in code base
- www.theregister.com: PHP repository moved to GitHub after malicious code inserted under creator Rasmus Lerdorf's name
- www.bleepingcomputer.com: PHP's Git server hacked to add backdoors to PHP source code
- www.vice.com: Hackers Tried To Backdoor Code Used by 80% of All Websites
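Ullrich's second recommendation above (signed commits) is only useful if someone actually checks the signatures. The script below is an added example, not from this thread or from the ZoneMinder project: it reads `git log` output in a tab-separated format, compares each commit's signature status and signer against a hypothetical maintainer allow-list (the e-mail addresses, names and sample log lines are constructed), and flags exactly the pattern in the PHP incident, a commit in a maintainer's name that the maintainer's key never signed.

```python
"""Flag unsigned or mis-signed commits in `git log` output.

Added example, not from the forum thread or the ZoneMinder project. Input is
the output of:  git log --format='%H%x09%G?%x09%GS%x09%ae' <range>
"""
from typing import Dict, List, Tuple

# git's %G? signature-status codes (see git-log(1)); only "G" passes policy.
SIG_STATUS = {
    "G": "good signature", "B": "BAD signature",
    "U": "good signature, unknown trust", "X": "good signature, expired",
    "Y": "good signature, expired key", "R": "good signature, revoked key",
    "E": "signature cannot be checked", "N": "no signature",
}

# Hypothetical allow-list: author e-mail -> signer string git prints in %GS.
TRUSTED_SIGNERS: Dict[str, str] = {
    "alice@example.org": "Alice Maintainer <alice@example.org>",
    "bob@example.org": "Bob Maintainer <bob@example.org>",
}

def audit(log_lines: List[str], trusted: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (commit, reason) for each commit that fails the signing policy:
    a commit in a maintainer's name must carry a good ('G') signature made by
    that maintainer's registered key; anything else is how impersonation looks.
    """
    findings = []
    for line in filter(None, log_lines):
        commit, status, signer, email = line.split("\t", 3)
        expected = trusted.get(email)
        if expected is None:
            findings.append((commit, f"author {email} not in allow-list"))
        elif status != "G":
            findings.append((commit, SIG_STATUS.get(status, "unknown status")))
        elif signer != expected:
            findings.append((commit, f"signed by {signer!r}, not {expected!r}"))
    return findings

# Constructed sample: an unsigned "typo fix" in Bob's name, a commit in Alice's
# name signed with someone else's key, and a commit whose signature fails to verify.
SAMPLE_LOG = [
    "1111111\tG\tAlice Maintainer <alice@example.org>\talice@example.org",
    "2222222\tN\t\tbob@example.org",
    "3333333\tG\tMallory <mallory@example.net>\talice@example.org",
    "4444444\tB\tBob Maintainer <bob@example.org>\tbob@example.org",
]

if __name__ == "__main__":
    for commit, reason in audit(SAMPLE_LOG, TRUSTED_SIGNERS):
        print(commit, reason)
```

Run it as a CI step or pre-receive hook on the pushed range; git must have the maintainers' public keys available, otherwise every commit shows status "E" and is flagged.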
iconnor
Posts: 2896
Joined: Fri Oct 29, 2010 1:43 am
Location: Toronto

Re: Zoneminder developers - need to consider this....

Post by iconnor »

We review every commit / PR