11 Jan '13, 10pm

Java Zero-Day Exploit and Ruby on Rails Vulnerabilities

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running Ruby on Rails should test and deploy the patches as soon as possible. Protecting yourself against the Java vulnerability is harder. While some have suggested disabling Java, that’s often not a realistic option due to it being a critical technology for business. The latest version of Java includes a security control that enables you to keep Java on the system but disable it in the browser: this may be a more viable option for some. Unfortunately, in some cases neither of these options will be viable. But we encourage people to evaluate these options and the risks we’ve outlined and make the best decision for their needs while planning to deploy the patch from Oracle as soon as possible when it is released.

Full article: http://blog.trendmicro.com/trendlabs-security-intelligenc...

Tweets

Security expert review on #Java zero-day exploi...

blog.trendmicro.com 11 Jan '13, 10pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Concerned about #Java zero-day exploit and #Rub...

blog.trendmicro.com 11 Jan '13, 11pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

#Java zero-day exploit and #Ruby on Rails vulne...

blog.trendmicro.com 12 Jan '13, 12am

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Do you really need to disable #Java? #zeroday #...

blog.trendmicro.com 11 Jan '13, 10pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Concerned about #Java zero-day exploit and #Rub...

blog.trendmicro.com 14 Jan '13, 7pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Rails vulnerabilities are not Rails'

revision-zero.org 12 Jan '13, 6pm

Would it make sense for Rails controllers to accept YAML-encoded parameters? Of course it does. URL-encoded, XML, and JSON...

Java and Ruby on Rails vulnerabilities uncovered

networkedblogs.com 13 Jan '13, 10am

close Share Tweet Email Up Follow ITP.net

Me at @CSO_Australia: "Nasty Ruby on Rails vuln...

cso.com.au 11 Jan '13, 4am

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of ...

Exploit für Ruby on Rails im Umlauf

heise.de 10 Jan '13, 3pm

Für die am Mittwoch gemeldete, kritische Lücke in Ruby on Rails kursieren erste Exploits; es treffen auch bereits erste Be...

Bitcoins stolen with Ruby on Rails exploit

bitcointalk.org 13 Jan '13, 1pm

General discussion about the Bitcoin ecosystem that doesn't fit better elsewhere. News, the Bitcoin community, innovations...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

Ruby on Rails patches more critical vulnerabili...

infoworld.com 09 Jan '13, 12pm

Those using the Ruby on Rails Web application framework on their websites are being advised to update the software immedia...

Read @adamjodonnell's insights on the latest Ru...

blog.sourcefire.com 09 Jan '13, 8pm

A little under 24 hours ago two major, long-standing vulnerabilities were announced in the popular web programming framewo...

Dutch Govt Shuts Down Ruby on Rails Servers As ...

efytimes.com 11 Jan '13, 2pm

The Dutch government took the first step. It has shut down its system dubbed as DigiD, which allows users to access severa...

Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately

Ruby on Rails Vulnerabilities Discovered, Users...

thewhir.com 10 Jan '13, 4pm

A vulnerability discovered on the Ruby on Rails web application framework allows attackers to bypass authentication system...