Me at @CSO_Australia: "Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all"

Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all - ruby on rails, security vulnerability - CSO | The Resource for Data Security Executives

cso.com.au 11 Jan '13, 4am

Me at @CSO_Australia: "Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all"

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game. The Rails vulnerabilities are both bad, as the announcement accompanying the fixed software made more than clear. "Extremely critical security fixes so please update IMMEDIATELY," it said. Check CVE-2013-0155 and CVE-2013-0156 for the gory details. It's the second hole that should have us all shitting bricks. "It allows for full remote code execution against any Ruby on Rails application that has the XML parser enabled, which is [the] case by default," wrote Sourcefire's Adam O'Donnell . "More plainly, it means that anyone can run a unix command with the same privil...

Full article: http://www.cso.com.au/article/446211/nasty_ruby_rails_vul...

Tweets

@ozdj » 14 Jan '13, 1am
Jebus! This is ugly! RT @stilgherrian "Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all" [link]
@stilgherrian » 14 Jan '13, 1am
Final re-pimp: Me at @CSO_Australia: "Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all" [link]
@studiomondeo » 12 Jan '13, 11pm
RT @kcarruthers: Eek! Nasty Ruby on Rails vulnerabilities highlight small websites’ risk to us all [link] Via @stilgherrian
@kcarruthers » 12 Jan '13, 11pm
Eek! Nasty Ruby on Rails vulnerabilities highlight small websites’ risk to us all [link] Via @stilgherrian
@sylmobile » 12 Jan '13, 11pm
Ruby on Rails vulnerabilities : "First, business managers are a problem," says @stilgherrian at @CSO_Australia. [link]
@stilgherrian » 12 Jan '13, 10pm
Re-pimp: Met at @CSO_Australia: "Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all" [link]
@DCDawg » 11 Jan '13, 6pm
Nasty Ruby on Rails vulnerabilities highlight small websites' risks [link] "Programming is not a write-only job." #infosec
@911WP » 11 Jan '13, 8am
RT @BlueprintNMedia: Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all [link] #wp #wordpress #security
@BlueprintNMedia » 11 Jan '13, 8am
Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all [link] #wp #wordpress #security
@Bitsandstrings » 11 Jan '13, 6am
@greggpollack @rails @dchelimsky Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all: [link]
@haakon_d » 11 Jan '13, 5am
"Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all" by @stilgherrian: [link] #infosec
@Asher_Wolf » 11 Jan '13, 4am
RT @stilgherrian: Me at @CSO_Australia: "Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all" [link]
@stilgherrian » 11 Jan '13, 4am
Me at @CSO_Australia: "Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all" [link]
@CassieST » 11 Jan '13, 6am
RT @stilgherrian: Me at @CSO_Australia: "Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all" [link]
@Bitsandstrings » 11 Jan '13, 6am
RT @stilgherrian: Me at @CSO_Australia: "Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all" [link]