10 Jan '13, 12pm

Vulnerability in Ruby on Rails could bring 200,000 sites down

In the realm of computer security there are bugs, and then there are bugs. The latter refers to a real showstopper — the kind of bug that could bring a website to its knees and expose user data if the wrong people figure it out. Just such a bug has been discovered in Ruby on Rails, and it is estimated that roughly 200,000 websites are at risk of attack. The bug is of the most serious nature, and stems from the way Rails handles formatted parameters. While complicated, the object injection attack is 100% effective as described. It could give a remote hacker the necessary access to execute any code on the server running Rails. This would allow the attacker to do just about anything including copying data, deleting web assets, and simply taking the site offline without all that messy DDoS-ing. Ruby on Rails is an extremely popular web app framework that is used on sites lik...

Full article: http://www.geek.com/articles/news/vulnerability-in-ruby-o...

Tweets

Extremely critical Ruby on Rails bug threatens ...

mukpin.com 10 Jan '13, 1pm

Extremely critical Ruby on Rails bug threatens more than 200,000 sites hundreds of thousands of websites are potentially a...

Extremely critical Ruby on Rails bug threatens ...

linuxtoday.com 09 Jan '13, 8pm

Extremely critical Ruby on Rails bug threatens more than 200,000 sites (Jan 09, 2013, 11:00) Hundreds...

Sites Built With Ruby on Rails Suffer New Vulne...

allthingsd.com 09 Jan '13, 4pm

Here’s something new in the way of security worries: Weaknesses in Ruby on Rails. A significant vulnerability has been fou...

Ruby on Rails derails 240,000 sites with enormo...

theregister.co.uk 10 Jan '13, 3pm

Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities - one allowing anyone to ...

Extremely critical Ruby on Rails bug threatens ...

arstechnica.com 09 Jan '13, 12am

Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability i...

Extremely critical Ruby on Rails bug threatens ...

reddit.com 09 Jan '13, 2am

No, what you need is a descriptive language that gives designers what they want and then hook everything up by calling som...

Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY.

Are you running Rails? Have you upgraded? If no...

techweekeurope.co.uk 09 Jan '13, 4pm

A significant flaw on the Ruby on Rails web development framework might have put thousands of websites at risk of being ha...

.@appboy patches its servers after Ruby on Rail...

blog.appboy.com 11 Jan '13, 5pm

Earlier this week, a serious advisory was posted to the Ruby on Rails security discussion list. Unknown hacker groups had...

Ruby on Rails flaws expose thousands of websites to attack: More than 240,000 websites that use Ruby on Rails we...

Ruby on Rails flaws expose thousands of website...

computerweekly.com 10 Jan '13, 4pm

According to O’Donnell, the RoR vulnerability could be used for the creation of a worm, but it would be far worse if atta...

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

Exploiting Ruby on Rails with Metasploit (CVE-2...

community.rapid7.com 10 Jan '13, 6pm

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro ....

Me at @CSO_Australia: "Nasty Ruby on Rails vuln...

cso.com.au 11 Jan '13, 4am

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of ...

#Exploit Info - VRT reviewed #Ruby on Rails vul...

vrt-blog.snort.org 10 Jan '13, 7pm

on the Ruby on Rails Security group January 8th contained a few phrases that cause alarm when used together: "inject arbit...

Attack Code, Metasploit Module Released For Ser...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...