• ModSecurity Mitigations for Ruby on Rails XML Exploits

    ModSecurity Mitigations for Ruby on Rails XML Exploits - SpiderLabs Anterior

    blog.spiderlabs.com 10 Jan '13, 6pm

    There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML parsing of YAML document elements or Symbols and results in remote code execution. The vulnerabilities have been confirmed by multiple sources and proof of concept code is available: Rails PoC Exploits by ...

  • Chrome, Evernote, Apple, Flash, Java, Bitcoin, Prison, DDoS, Breaches and Pi #InfosecChurch @SpiderLabs Radio

    SpiderLabs Anterior

    blog.spiderlabs.com 10 Mar '13, 3pm

    A few months ago, I was asked to present a keynote at RSA Conference 2013. This was a rather intimidating request given I was in a lineup that included Vint Cerf, Dr. Condoleezza Rice, Jimmy Wales and Andy Ellis. For those who were not in San Francisco last week, this isn’t a small ...

  • [Honeypot Alert] Active Probes for Ruby on Rails XML Vulns

    [Honeypot Alert] Active Probes for Ruby on Rails XML Vulns - SpiderLabs Anterior

    blog.spiderlabs.com 25 Jan '13, 8pm

    , I outlined some ModSecurity defenses to help protect Ruby on Rails users from the XML parsing vulnerabilities. Hopefully you have had a chance to update RoR for your site. If not, you might want to stop what you are doing and fix it now... We identified a few attack probes on our WA...
