11 Jan '13, 5am

Dutch govt pulls Ruby on Rails, exploits become semi-automated

The first effects of the recently discovered Ruby on Rails exploit are beginning to be felt, with the Dutch government pulling its digital ID system briefly offline after realising that it was vulnerable. The Dutch system, called DigiD, allows users to access a number of the government's online services. The government decided to shut the system down yesterday, with a spokesperson for the company telling Nu.nl that it was necessary to close a security issue with the Ruby on Rails platform it was running on. The move comes as an update arrives to Rapid7's Metasploit framework (which coincidentally also runs Ruby on Rails). It now allows administrators to quickly scan hosts for vulnerable versions of Rails instances, and verify that they can be exploited. Unfortunately, the availability of such tools also means that malicious users are able to quickly automate the process of...

Full article: http://www.zdnet.com/dutch-govt-pulls-ruby-on-rails-explo...

Tweets

Dutch Govt Shuts Down Ruby on Rails Servers As ...

efytimes.com 11 Jan '13, 2pm

The Dutch government took the first step. It has shut down its system dubbed as DigiD, which allows users to access severa...

Exploits for Ruby on Rails holes now in circula...

h-online.com 10 Jan '13, 4pm

Since the reports of a critical vulnerability in Ruby on Rails, the first exploits have begun circulating and the first r...

Update Ruby now before it goes off the Rails

pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

Rails PoC exploits for CVE-2013-0156 and CVE-20...

ronin-ruby.github.com 10 Jan '13, 7am

Next, [ActionDispatch::Http::Parameters] takes the parsed request parameters and merges them with the path parameters. Not...

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

community.rapid7.com 10 Jan '13, 6pm

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro ....

ModSecurity Mitigations for Ruby on Rails XML Exploits

blog.spiderlabs.com 10 Jan '13, 6pm

There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML parsing of YAML document elements or Symbo...

Drop everything now and patch Ruby on Rails app...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Update Ruby now before it goes off the Rails #ITWorld

itworld.com 11 Jan '13, 9pm

January 11, 2013, 4:20 PM — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source Web...

Update Ruby now before it goes off the Rails #I...

csoonline.com 12 Jan '13, 10pm

January 11, 2013 — PC World — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source W...

#ict #nieuws ‘Service built on Ruby on Rails m...

computable.nl 11 Jan '13, 11am

‘Service built on Ruby on Rails must go offline’ 11-01-2013 11:55 | By Sander Hulsman | Read more articles about: Exploits...

ASO Customers: If you use RubyOnRails, read thi...

blog.asmallorange.com 11 Jan '13, 10pm

A recent security issue affecting the Rails component of the Ruby-on-Rails open source web application framework has promp...

Exploit for Ruby on Rails in circulation

heise.de 10 Jan '13, 3pm

The first exploits are circulating for the critical vulnerability in Ruby on Rails reported on Wednesday; already the first ...

Attack Code, Metasploit Module Released For Ser...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...
