11 Jan '13, 9pm

Update Ruby now before it goes off the Rails #ITWorld

January 11, 2013, 4:20 PM — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source Web application framework built to use with the Ruby programming language. Ruby on Rails--or just Rails--gives Web developers the ability to gather information from Web servers, or query a database. Rails is used across an estimated quarter of a million websites ranging from ecommerce to cloud storage. Rails contains critical vulnerabilities that are being targeted by attackers. The mass assignments vulnerability is the Rails equivalent of SQL injection, and exposes Rails to exploits. Lamar Bailey, director of security research and development for nCircle, explained, "All unpatched versions of Ruby on Rails contain critical vulnerabilities involving parameter parsing and attackers can use these bugs to execute code or launch SQL injection attacks." Bailey...

Full article: http://www.itworld.com/security/335439/update-ruby-now-it...

Tweets

Update Ruby now before it goes off the Rails #I...

csoonline.com 12 Jan '13, 10pm

January 11, 2013 — PC World — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source W...

Update Ruby now before it goes off the Rails

pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

Rails vulnerabilities are not Rails'

revision-zero.org 12 Jan '13, 6pm

Would it make sense for Rails controllers to accept YAML-encoded parameters? Of course it does. URL-encoded, XML, and JSON...

Dutch govt pulls Ruby on Rails, exploits become...

zdnet.com 11 Jan '13, 5am

The first effects of the recently discovered Ruby on Rails exploit are beginning to be felt, with the Dutch government pul...

Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately

thewhir.com 10 Jan '13, 4pm

A vulnerability discovered on the Ruby on Rails web application framework allows attackers to bypass authentication system...

Exploits for Ruby on Rails holes now in circula...

h-online.com 10 Jan '13, 4pm

Since the reports of a critical vulnerability in Ruby on Rails, the first exploits have begun circulating and the first r...

Do you really need to disable #Java? #zeroday #...

blog.trendmicro.com 11 Jan '13, 10pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

New flaw in Ruby on Rails:

infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported, “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...

Me at @CSO_Australia: "Nasty Ruby on Rails vuln...

cso.com.au 11 Jan '13, 4am

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of ...

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

community.rapid7.com 10 Jan '13, 6pm

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro ....
