12 Jan '13, 2pm

Nadia Heninger Is Watching You: It’s been a bad week for online security. An “extremely critical” Ruby on Rails ...

It’s been a bad week for online security. An “extremely critical” Ruby on Rails security hole; a Yahoo! Mail XSS exploit; and yet another Java 0-day vulnerability. I know, I know, security is hard: still, it’s difficult not to be left with a frustrated throw-up-your-hands “can’t anybody do anything right?” feeling. So I paid close remote attention to the Real World Crypto workshop at Stanford this week. (OK, fine, I followed it on Twitter.) And I was struck, in particular, by this proposal from Ron Rivest–yes, that Ron Rivest –

awesome. Ron Rivest suggests patents on crypto algs that are royalty free until algs become weak, to encourage upgrades. #realworldcrypto — Ben Adida (@benadida) January 11, 2013

Rivest: it might've helped if there had been a patent on MD5—royalty free as long as no collisions had ever been detected. #realworldcrypto — (@zooko) January 11, 2013

...

Full article: http://techcrunch.com/2013/01/12/nadia-heninger-is-watchi...

Tweets

Extremely critical Ruby on Rails bug threatens ...

mukpin.com 10 Jan '13, 1pm

Extremely critical Ruby on Rails bug threatens more than 200,000 sites: Hundreds of thousands of websites are potentially a...

Ruby on Rails releases "extremely critical" fixes

scmagazine.com 09 Jan '13, 5pm

The maintainers of the Ruby on Rails have pushed out the second update in a week to fix critical holes in the web applicat...

Ruby on Rails 3.2.11 released to address 2 "ext...

news.softpedia.com 09 Jan '13, 10am

Less than one week has passed since Ruby on Rails 3.2.10 was released to address an SQL Injection vulnerability. However, ...

Ruby on Rails Releases 'Extremely Critical' Sec...

securityweek.com 09 Jan '13, 6pm

The latest versions, 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been updated with "two extremely critical security fixes" and...

Ruby on Rails pushing out 'extremely critical' fixes: Workaround available.

Ruby on Rails pushing out 'extremely critical' ...

scmagazine.com.au 09 Jan '13, 2am

The maintainers of Ruby on Rails have pushed out the second update in a week to fix a critical hole in the framework which...

Critical Ruby on Rails flaws fixed, upgrade imm...

net-security.org 09 Jan '13, 2pm

For the second week in a row since the start of the new year, users of open source web application framework Ruby on Rails...

Extremely critical Ruby on Rails bug threatens ...

linuxtoday.com 09 Jan '13, 8pm

Extremely critical Ruby on Rails bug threatens more than 200,000 sites. Jan 09, 2013, 11:00. Hundreds...

Update Ruby now before it goes off the Rails #I...

csoonline.com 12 Jan '13, 10pm

January 11, 2013 — PC World — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source W...

Ruby on Rails derails 240,000 sites with enormo...

theregister.co.uk 10 Jan '13, 3pm

Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities - one allowing anyone to ...

Ruby on Rails patches more critical vulnerabili...

infoworld.com 09 Jan '13, 12pm

Those using the Ruby on Rails Web application framework on their websites are being advised to update the software immedia...

Extremely critical Ruby on Rails bug threatens ...

arstechnica.com 09 Jan '13, 12am

Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability i...

#Java zero-day exploit and #Ruby on Rails vulne...

blog.trendmicro.com 12 Jan '13, 12am

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Ruby on Rails security updates address SQL inje...

csoonline.com 13 Jan '13, 12am

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for...

Me at @CSO_Australia: "Nasty Ruby on Rails vuln...

cso.com.au 11 Jan '13, 4am

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of ...