31 May '13, 2am

Reporting security vulnerabilities in Ruby #rubykaigi #rubykaigiA also 'ri ruby:security' is helpful

Here you will find information about security issues of Ruby.

Reporting Security Vulnerabilities

Security vulnerabilities should be reported via an email to [email protected] (the PGP public key), which is a private mailing list. Reported problems will be published after fixes.

Known issues

Here are recent issues.

- Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065) published at 14 May, 2013.
- Entity expansion DoS vulnerability in REXML (XML bomb, CVE-2013-1821) published at 22 Feb, 2013.
- Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269) published at 22 Feb, 2013.
- XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256) published at 6 Feb, 2013.
- Hash-flooding DoS vulnerability for ruby 1.9 (CVE-2012-5371) published at 10 Nov, 2012.
- Unintentional file creation caused by inserting an illegal NUL character (CVE-2012-4...

Full article: http://www.ruby-lang.org/en/security/
