12 Jan '13, 10pm

Update Ruby now before it goes off the Rails #InfoSec

January 11, 2013 — PC World — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source Web application framework built to use with the Ruby programming language. Ruby on Rails--or just Rails--gives Web developers the ability to gather information from Web servers, or query a database. Rails is used across an estimated quarter of a million websites ranging from ecommerce to cloud storage. Rails contains critical vulnerabilities that are being targeted by attackers. The mass assignments vulnerability is the Rails equivalent of SQL injection, and exposes Rails to exploits. Lamar Bailey, director of security research and development for nCircle, explained, "All unpatched versions of Ruby on Rails contain critical vulnerabilities involving parameter parsing and attackers can use these bugs to execute code or launch SQL injection attacks." Bail...

Full article: http://www.csoonline.com/article/726382/update-ruby-now-b...

Tweets

Update Ruby now before it goes off the Rails #ITWorld

itworld.com 11 Jan '13, 9pm

January 11, 2013, 4:20 PM — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source Web...

Update Ruby now before it goes off the Rails

pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

Ruby on Rails security updates address SQL inje...

csoonline.com 13 Jan '13, 12am

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for...

Rails vulnerabilities are not Rails'

revision-zero.org 12 Jan '13, 6pm

Would it make sense for Rails controllers to accept YAML-encoded parameters? Of course it does. URL-encoded, XML, and JSON...

Me at @CSO_Australia: "Nasty Ruby on Rails vuln...

cso.com.au 11 Jan '13, 4am

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of ...

Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately

thewhir.com 10 Jan '13, 4pm

A vulnerability discovered on the Ruby on Rails web application framework allows attackers to bypass authentication system...

splinter.me is hiring, a Ruby on Rails Develope...

splinter.me 13 Jan '13, 2pm

Company Profile / Jobs / Ruby on Rails Developer Ruby on Rails Developer Details Status Opened Type Full time Position Int...

Dutch govt pulls Ruby on Rails, exploits become...

zdnet.com 11 Jan '13, 5am

The first effects of the recently discovered Ruby on Rails exploit are beginning to be felt, with the Dutch government pul...

Exploits for Ruby on Rails holes now in circula...

h-online.com 10 Jan '13, 4pm

Since the reports of a critical vulnerability in Ruby on Rails, the first exploits have begun circulating and the first r...

New flaw in Ruby on Rails:

infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported, “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

community.rapid7.com 10 Jan '13, 6pm

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro ....

Ruby on Rails security updates address SQL inje...

csoonline.com 14 Jan '13, 5am

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for...

Ruby on Rails vulnerable to six year old flaw

zdnet.com 09 Jan '13, 1am

A critical vulnerability has been discovered in Ruby on Rails that affects almost every version of the framework. A contri...

ModSecurity Mitigations for Ruby on Rails XML Exploits

blog.spiderlabs.com 10 Jan '13, 6pm

There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML parsing of YAML document elements or Symbo...