17 Nov '13, 7pm

railsguides need a cleanup… “If you use the popular RestfulAuthentication plugin for user management”

The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). He possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore he accesses the web application from time to time in order to keep the session alive. Now the attacker will force the user's browser into using this session id (see number 3 in the image). As you may not change a cookie of another domain (because of the same origin policy), the attacker has to run a JavaScript from the domain of the target web application. Injecting the JavaScript code into the application by XSS accomplishes this attack. Here is an example: <script>document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9"...

Full article: http://guides.rubyonrails.org/security.html#session-fixat...
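To illustrate the mechanism quoted above from the defender's side, here is an added example (written for this page, not code from the Rails guide or from Rails itself) that plays the scenario against a toy session store: the attacker obtains a valid id, it is forced into the victim's browser, the victim logs in, and the outcome differs depending on whether the application regenerates the session id at login. The `SessionStore`, `login` and `fixation_outcome` names are constructed for the example.

```ruby
require 'securerandom'

# Constructed toy server-side session store (not Rails code): a random session
# id maps to a hash of session data, the way a lookup-by-id session works.
class SessionStore
  def initialize
    @sessions = {}
  end

  # Steps 1 and 2 of the attack: loading the login page hands out a valid,
  # not yet authenticated session id.
  def create
    id = SecureRandom.hex(16)
    @sessions[id] = {}
    id
  end

  def [](id)
    @sessions[id]
  end

  # Countermeasure: on login, move the data to a brand-new id and invalidate
  # the old one (what reset_session achieves in a Rails controller).
  def regenerate(old_id)
    data = @sessions.delete(old_id) || {}
    new_id = SecureRandom.hex(16)
    @sessions[new_id] = data
    new_id
  end
end

# Login handler. With reset_on_login: false it authenticates whatever session id
# the browser presents, which is the vulnerable behaviour the guide describes.
# Returns the session id the victim's browser holds after login.
def login(store, presented_id, user, reset_on_login:)
  sid = reset_on_login ? store.regenerate(presented_id) : presented_id
  store[sid][:user] = user
  sid
end

# Plays the whole fixation scenario and returns what the attacker's fixed id
# resolves to after the victim logs in (nil means the id was invalidated).
def fixation_outcome(reset_on_login:)
  store = SessionStore.new
  fixed_id = store.create # attacker obtains a valid session id
  # Step 3: the fixed id sits in the victim's cookie; the victim then logs in.
  victim_id = login(store, fixed_id, 'alice', reset_on_login: reset_on_login)
  { attacker_sees: store[fixed_id], victim_session: store[victim_id] }
end
```

Without regeneration the attacker's fixed id becomes the authenticated session; with regeneration it resolves to nothing while the victim's own session keeps working.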
