09 Mar '13, 11pm

The first weekly report for the Ruby Security newsletter: Is your Ruby app safe?

Your regular news about ruby security

The Ruby Security newsletter

Published on 2013/02/18.

This weekly report contains this week's vulnerabilities, new ones that were published since the last report, along with some more security tips. Please subscribe to get more Ruby security news, if you got this report via the archive link.

Vulnerabilities

Some of these vulnerabilities are rather old, but were just assigned a CVE. You should check anyway if they are up to date in your system.

Omniauth-OAuth2 CSRF

Vulnerable versions: < 1.1.1
Fix: update to 1.1.1
CVE: CVE-2012-6134
Reported by Egor Homakov in September 2012

By manipulating the "state" parameter, an attacker could make an authorization request on behalf of another user. PoC available

Newrelic-rpm Information disclosure

Vulnerable versions: 3.2.0 to 3.5.2
Fix: update to 3.5.3.25 or later (most recent version: 3.5.5.38) ...

Full article: http://ruby-security.com/report-1

Tweets

DWEMTHY_S ARRAY ^!^ A RUBY MINI_DUNGEON ^!^ ONL...

mislav.uniqpath.com 16 Mar '13, 3am

A scalding SEETHING LAVA infiltrates the cacauphonous ENGORGED MINESHAFTS deep within the ageless canopy of the DWEMTHY FO...

Psyched for @bostonrb tomorrow! @brynary will t...

bostonrb.org 11 Mar '13, 2pm

Out of the box, Rails does its best to help you secure your app. Unfortunately, without consistent application of secure d...

Snorby - Ruby On Rails Application For Network ...

cherry-pick.tumblr.com 10 Mar '13, 9am

Ruby On Rails Application For Network Security Monitoring. Snorby is a ruby on rails web application for network security ...

Getting ready to try ruby! #RailsGirlsPHL

tryruby.org 16 Mar '13, 2pm

JavaScript Not Detected TryRuby requires JavaScript to be enabled (it's an editor thing).

We’re a featured story in this week’s Ruby Week...

rubyweekly.com 07 Mar '13, 2pm

Matz on Ruby 2.0 Matz spoke about Ruby 2.0 ('the happiest release ever') for 30 minutes at the Heroku Waza event a week ag...

Extreme security: Read why the world's most protected people trust #MercedesBenzGuard series vehicles.

mercedes-benz.com 12 Mar '13, 6pm

The tests are anything but ordinary. Specialists from the Ballistics Authority in Ulm are required to shoot at an E-Guard ...

How the First Bitcoin Hedge Fund Approaches Sec...

news.slashdot.org 09 Mar '13, 2pm

An anonymous reader writes with a link to a story at Forbes about what's said to be the first Bitcoin hedge fund; the articl...

An explanation of an addition to #ruby

jamesbritt.com 08 Mar '13, 10pm

Ruby security alerts displayed on ruby-doc 2013-03-08 A few weeks ago I read about some critical security issues that affe...

Ruby on Rails with Oracle FAQ:

oracle.com 11 Mar '13, 1pm

By its design, Ruby on Rails (RoR) lets you develop Web applications very quickly. It does this by adhering to conventions...

WebSockets with Rails 4 and Ruby 2

rubyflow.com 12 Mar '13, 12am

WebSockets with Rails 4 and Ruby 2 Posted by themgt on March 11, 2013 — 0 comments I just wrote up a blog on how to use th...

from where you can download Ruby, Rails and RubyGems...

rubyonrails.org 16 Mar '13, 7am

We recommend Ruby 1.9.3 for use with Rails. Rails 3.2 is the last one that supports Ruby 1.8. Ruby 1.8.6 and earlier are n...

reading up on #Ruby === and I found it amusing ...

blog.jayfields.com 15 Mar '13, 12pm

Hi Jay - I agree with you in this case in isolation. It does concern me that things could start getting quite verbose as m...

The #Militarization of the National Security State #military #Pentagon #DoD #CIA #defensespending

truth-out.org 07 Mar '13, 12am

Mel Goodman. (Photo: City Lights Books) "National Insecurity: The Cost of American Militarism" explores the fundamental qu...

WebSockets on Rails 4 and Ruby 2

pogoapp.com 12 Mar '13, 3am

WebSockets on Rails 4 and Ruby 2 Posted on Mar 11 | By paul WebSockets are an exciting new HTML5 technology which has fina...