Search engines have for a long time been a good helper of people trying to find sensitive information or vulnerabilities on the web. When you have a few billion documents indexed, it is inevitable that some things that should remain private inadvertently end up in public directories and get indexed; then it's just a matter of writing a sufficiently creative search query to find that data. There are even sites that aggregate "interesting" search queries designed to quickly locate sensitive data, such as the Google Hacking Database from "Johnny", which has queries to find everything from old vulnerable software to credit card numbers, etc. There have also been attempts to identify things like SQL injection and XSS by locating sites collecting common forms of input and then checking to see if said input is not validated. A good example of this can be found on the blog of Michael Sutton, who used Google to generate statistics to identify the frequency of SQL injections. But this approach does not really show you the...

After 2 weeks of inaction the 5.2.0 final release is finally in sight. A few minutes ago I released the last (I mean it this time) release candidate of 5.2.0, RC5. If all goes well, a week from now 5.2.0 final will be out, ready for use. In the meantime I'd like to ask once again that everyone try this RC, which can be downloaded from here: http://downloads.php.net/ilia/php-5.2.0RC5.tar.bz2 (md5sum: 9a7fb788fbfd2beb8ed7aecb0a7d1598). I don't think you'd be able to find any major issues or regressions in this RC, but if you do, certainly let me know; if necessary, RC6 is not out of the question.

If you have been monitoring PHP's internal mailing list you probably know that over the last few weeks we've been locked in a stalemate in regard to the API revision of the filter extension brought to light by Dan from our documentation team. This is also the reason why, despite this being early October, PHP 5.2 is still not out. Fortunately, after mediation with Derick and Pierre, the two protagonists of the filter conundrum, a compromise was finally reached. I took Pierre's proposed patch for the filter extension and based on it made a fairly series of adjustments yielding a very clear and flexible API (I hope) that seems to keep everyone happy. The patch was committed late last night and, given the lack of complaints today, I think we've finally got this issue resolved. YEY! The only downside is that my proposal to rename the filter extension to "Ilia's Awesome Filter Extension" was shot down, with only Tony being in favor. Oh well, I guess you can't have it all. On a related note, since filter issue is n...
