11 Jan '13, 3pm

Bitcoin exchange hacked via Rails exploit, funds stolen

Quote from: Kumala on Today at 01:58:50 PM

Further update: The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/ ) to withdraw the funds therefore. Sorry for your loss. Amm ... the RoR vulnerability was posted to multiple large forums, including Slashdot. Did the attacker see the announcement before you were able to realize it affects you and shut off your systems? How come you missed it for so long that you didn't shut your stuff off / upgrade in time?

Full article: https://bitcointalk.org/index.php?topic=135919.0

Tweets

Bitcoin exchange hacked via Rails exploit, fund...

news.ycombinator.com 11 Jan '13, 3pm

That is an absolutely terrible lesson to draw from this episode. First and most importantly, Airbnb and Uber are not disrup...

Bitcoin exchange hacked via Rails exploit, fund...

reddit.com 11 Jan '13, 6pm

Bitcoin exchanges are such good targets that using Rails is just flatly unacceptable. There are what, 3-4 server side Rail...

Exploit for Ruby on Rails in circulation

heise.de 10 Jan '13, 3pm

The first exploits are circulating for the critical vulnerability in Ruby on Rails reported on Wednesday; there are also already the first...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

Top Alternative Energy Mutual Funds and ETFs for 2013

altenergystocks.com 10 Jan '13, 2pm

The Roen Financial Report closely covers the universe of almost 30 alternative energy Mutual Funds (MFs) and Exchange Trad...

SatoshiDice Earns $6,500,000 Valuation on Sketchiest Stock Exchange Ever #bitcoin

thebitcointrader.com 10 Jan '13, 11pm

We people in the Bitcoin world have short memories, apparently. It wasn't very long ago that the Global Bitcoin Stock Exch...

Exploit available for serious Ruby on Rails vulnerability

tweakers.net 10 Jan '13, 3pm

An exploit has appeared on the internet for a serious Ruby on Rails vulnerability that came to light last Tuesday...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

Search Retargeting Arrives on Facebook’s Advert...

searchenginewatch.com 11 Jan '13, 8am

Search marketers got some exciting news in December. Search retargeting became available to marketers wishing to serve ads...

[remote exploits] - Ruby On Rails XML Processor...

1337day.com 11 Jan '13, 9am

Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and s...

SolarCity Lines Up Backup Service Deal For Raising Funds

renewableenergyworld.com 10 Jan '13, 8pm

The company announced the agreement on Thursday but didn't name the company, except to say that the company is an "AA- rat...

An important notice to all our passengers following yesterday’s media coverage.

lothianbuses.com 10 Jan '13, 12pm

Lothian Buses, through the Confederation of Passenger Transport (CPT) has an on-going dialogue with the Scottish Governmen...

Inside The Underweb: via #gAtO ✅ #infosec #tor ...

fastcompany.com 10 Jan '13, 1pm

When the German Foreign Office hosted a human rights conference several months ago, one of the invited guest organizations...

Ruby on Rails Releases 'Extremely Critical' Sec...

securityweek.com 09 Jan '13, 6pm

The latest versions, 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been updated with "two extremely critical security fixes" and...

Dutch Govt Shuts Down Ruby on Rails Servers As ...

efytimes.com 11 Jan '13, 2pm

The Dutch government took the first step. It has shut down its system dubbed as DigiD, which allows users to access severa...