11 Jan '13, 6pm

Bitcoin exchange hacked via Rails exploit, funds stolen

Bitcoin exchanges are such good targets that using Rails is just flatly unacceptable. There are what, 3-4 server side Rails exploits per year now? If you run the front of an estore or something, that's okay, because your site is not enough of a target that it will be exploited. However, when you run a bitcoin exchange on Rails, two dozen black hats will take note of it and add your site to their watchlist for the next time an exploit is published. You are not going to beat them to the upgrade every time a new exploit is found. Rails is a good platform with plenty of good uses. Managing money is really, really not one of them.

Full article: http://www.reddit.com/r/netsec/comments/16dtf5/bitcoin_ex...

Tweets

Bitcoin exchange hacked via Rails exploit, fund...

news.ycombinator.com 11 Jan '13, 3pm

That is an absolutely terrible lesson to draw from this episode. First and most importantly, Airbnb and Uber are not disrup...

Bitcoin exchange hacked via Rails exploit, fund...

bitcointalk.org 11 Jan '13, 3pm

Quote from: Kumala on Today at 01:58:50 PM Further update: The system was not breached, no passwords were compromised (the...

Bitcoins stolen with Ruby on Rails exploit

bitcointalk.org 13 Jan '13, 1pm

General discussion about the Bitcoin ecosystem that doesn't fit better elsewhere. News, the Bitcoin community, innovations...

new exchanges: https://t.co/uMwJRNkV Icbit.se

bitcoin-24.com 15 Jan '13, 11am

Bitcoin-24 will not charge any fees for Bitcoin transactions! From now on, you can also deal with USD, which you can add w...

via @sharethis

deal.com.sg 17 Jan '13, 11am

Exploit for Ruby on Rails in circulation

heise.de 10 Jan '13, 3pm

The first exploits are circulating for the critical vulnerability in Ruby on Rails reported on Wednesday; also already arriving are the first ...

Rails PoC exploits for CVE-2013-0156 and CVE-20...

ronin-ruby.github.com 10 Jan '13, 7am

Next, [ActionDispatch::Http::Parameters] takes the parsed request parameters and merges them with the path parameters. Not...

Sending funds via routing number from bank: Is ...

bitcoin.stackexchange.com 15 Jan '13, 9pm

Not without an intermediary. Banks deal with traditional currencies like Euros or US Dollars, whereas Bitcoin is completel...

SatoshiDice Earns $6,500,000 Valuation on Sketchiest Stock Exchange Ever #bitcoin

SatoshiDice Earns $6,500,000 Valuation on Sketc...

thebitcointrader.com 10 Jan '13, 11pm

We people in the Bitcoin world have short memories, apparently. It wasn't very long ago that the Global Bitcoin Stock Exch...

Exploit available for serious Ruby on Rails vulnerability

tweakers.net 10 Jan '13, 3pm

An exploit has appeared on the internet for a serious Ruby on Rails vulnerability that came to light last Tuesday. H...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

Just added my #inlinkz link: here: via @inlinkz

deniseisrundmt.com 13 Jan '13, 11pm

Living life as a mom on the run between races and raising three beautiful, brilliant children (ages 11, 7, 2). Before a bl...

Just added my #inlinkz link: here: via @inlinkz

deniseisrundmt.com 10 Jan '13, 11am

Living life as a mom on the run between races and raising three beautiful, brilliant children (ages 11, 7, 2). Before a bl...

Dutch Govt Shuts Down Ruby on Rails Servers As ...

efytimes.com 11 Jan '13, 2pm

The Dutch government took the first step. It has shut down its system dubbed as DigiD, which allows users to access severa...

Inside The Underweb: via #gAtO ✅ #infosec #tor ...

fastcompany.com 10 Jan '13, 1pm

When the German Foreign Office hosted a human rights conference several months ago, one of the invited guest organizations...