11 Jun '13, 2pm

Netsparker can detect RoR remote code execution that was used to illegally withdraw funds #hacking

On the 28th of January 2013, Ruby on Rails announced the release of versions 3.0.20 and 2.3.16, which address an extremely critical security vulnerability in the framework itself. The vulnerability is a remote code execution flaw: when exploited, it allows an attacker to execute code on the remote web server. In May 2013, automated bots started exploiting this known remote code execution vulnerability in the Ruby on Rails web framework. Even though it took almost four months for exploitation to surface in the wild, it seems to be quite successful. The main reason why it is so successful is that web server administrators failed to upgrade their Ruby on Rails framework to the latest and most stable version. Although most successful attacks were not documented, in one particular case a malicious hacker who exploited this Ruby on Rails vulnerability managed to withdraw funds from Vircurex, an ...

Full article: http://www.mavitunasecurity.com/blog/netsparker-detects-r...

Tweets

New from our Blog - Railsgoat, a free Ruby on Rails-focused security learning tool


blog.nvisium.com 10 Jun '13, 4pm

The Open Web Application Security Project or "OWASP" is an organization dedicated to non-profit (open source) efforts that...

7 reasons you should withdraw your .brand appli...

domainnamewire.com 10 Jun '13, 4pm

If you’re rethinking your .brand top level domain strategy, here are some things to think about. A relatively small number...

[Prod/Sustainability] Detect Leaks Before They R...

buildinggreen.com 12 Jun '13, 7am

Detect Leaks Before They Ruin Your House A couple of years ago, a shower pipe connection came apart on the third floor of ...

Civic-Minded Hacking


spectrum.ieee.org 11 Jun '13, 5pm

By Travis Korte, posted 11 Jun 2013 | 17:30 GMT. The atmosphere after a hackathon is usually one of re...

Best Web Hosting for Ruby On Rails application ...

coderwall.com 16 Jun '13, 9pm

Sorry, but I highly disagree with the points you mention in this article. As a developer, I didn't need to run bundle instal...

"The benefits of choosing Ruby 2.0 and Ruby on Rails 4.0 for your project."


selleo.com 11 Jun '13, 11am

However, there is always a temptation to stick with the existing versions because of the risks and fears associated with n...