In response to the latest Ruby on Rails security announcement we upgraded all of our clients’ Rails projects in less than 36 hours. On average it took around 30 minutes to upgrade a project from checkout to deployment. On Twitter we mentioned our ‘minimal dependency policy’ in project...
Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running Ruby on Rails should test and deploy the patches as soon as possible. Protecting yourself against the Java vulnerability is harder. While some have suggested disabl...
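A check that fits the upgrade sweep described in the two snippets above: before and after rolling patches out across many checkouts, read each project's Gemfile.lock for the pinned Rails version and compare it against a per-series patched baseline. This is an added example for this page, not code from any of the quoted articles; the baseline table, the project names and the lockfile contents are constructed placeholders, and the fixed versions must be taken from the actual Rails advisory.

```ruby
# Added example (not from any article quoted on this page): audit several
# projects' Gemfile.lock files for the pinned Rails version and flag the ones
# still below a patched baseline. All versions and lockfiles below are
# constructed placeholders; substitute the fixed versions the advisory names.
require 'rubygems'

# Placeholder baseline: "major.minor" series => first patched version in that
# series. Constructed for this example, not taken from the advisory.
PLACEHOLDER_BASELINE = {
  '3.2' => '3.2.50',
  '3.1' => '3.1.50',
  '3.0' => '3.0.50'
}.freeze

# Constructed Gemfile.lock fragments for four hypothetical projects.
SAMPLE_LOCKFILES = {
  'billing' => <<~LOCK,
    GEM
      remote: https://rubygems.org/
      specs:
        actionpack (3.2.10)
          activemodel (= 3.2.10)
        rails (3.2.10)
          actionpack (= 3.2.10)

    PLATFORMS
      ruby

    DEPENDENCIES
      rails (= 3.2.10)
  LOCK
  'storefront' => <<~LOCK,
    GEM
      remote: https://rubygems.org/
      specs:
        rails (3.2.50)

    DEPENDENCIES
      rails (= 3.2.50)
  LOCK
  'legacy' => <<~LOCK,
    GEM
      remote: https://rubygems.org/
      specs:
        rails (2.3.5)

    DEPENDENCIES
      rails (= 2.3.5)
  LOCK
  'docs' => <<~LOCK
    GEM
      remote: https://rubygems.org/
      specs:
        rake (10.0.3)

    DEPENDENCIES
      rake
  LOCK
}.freeze

# Version pinned for gem_name in the lockfile's specs section, or nil if the
# gem is not locked. Direct spec entries are indented exactly four spaces
# ("    rails (3.2.10)"); their dependency lines use six and DEPENDENCIES
# entries use two, so anchoring on the indentation avoids matching the
# "rails (= 3.2.10)" constraint lines by mistake.
def locked_version(lockfile_text, gem_name = 'rails')
  pattern = /\A {4}#{Regexp.escape(gem_name)} \(([^\s)]+)\)/
  lockfile_text.each_line do |line|
    m = pattern.match(line)
    return m[1] if m
  end
  nil
end

# "3.2.10" => "3.2": the series the baseline table is keyed on.
def series_of(version_string)
  Gem::Version.new(version_string).segments[0, 2].join('.')
end

# true  => locked version is below the patched baseline for its series
# false => at or above the baseline
# nil   => gem not locked in this project
# :unknown_series => a series the baseline does not cover; review it by hand
#                    rather than assuming it is safe
def outdated?(lockfile_text, baseline_by_series, gem_name = 'rails')
  version = locked_version(lockfile_text, gem_name)
  return nil if version.nil?
  patched = baseline_by_series[series_of(version)]
  return :unknown_series if patched.nil?
  Gem::Version.new(version) < Gem::Version.new(patched)
end

# Names of projects whose locked Rails is below the baseline for its series.
def projects_needing_upgrade(lockfiles, baseline_by_series)
  lockfiles.select { |_name, text| outdated?(text, baseline_by_series) == true }.keys
end

# Names of projects on a series the baseline table says nothing about.
def projects_needing_review(lockfiles, baseline_by_series)
  lockfiles.select { |_name, text| outdated?(text, baseline_by_series) == :unknown_series }.keys
end

if __FILE__ == $PROGRAM_NAME
  puts "upgrade: #{projects_needing_upgrade(SAMPLE_LOCKFILES, PLACEHOLDER_BASELINE).inspect}"
  puts "review:  #{projects_needing_review(SAMPLE_LOCKFILES, PLACEHOLDER_BASELINE).inspect}"
end
```

Running `rails -v` inside each checkout answers the same question one project at a time; reading the lockfile lets you sweep every checkout without booting any of the apps. A project on a series the baseline does not cover is reported separately so it gets escalated instead of silently counted as safe.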
The first effects of the recently discovered Ruby on Rails exploit are beginning to be felt, with the Dutch government pulling its digital ID system briefly offline after realising that it was vulnerable. The Dutch system, called DigiD, allows users to access a number of the governmen...
‘Service built on Ruby on Rails must go offline’ 11-01-2013 11:55 | By Sander Hulsman | The digital...
DigiD was offline on Wednesday after a vulnerability was found in the Ruby on Rails development platform. IT contractor Logius took the service offline around midday. DigiD was therefore exposed to attackers who had discovered the hole on their own, but any abuse would be detectable...
The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers...
Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database. This was wr...
January 8th, 2013 Back into the swing of things we discuss Ruby 2.0.0-rc1, dismissible helpers, the engine yard awards, speeding up travis build time, binstubs, hacker term, rails panel, and the sd ruby podcast. January 4th, 2013 Better hstores with Surus, get browser details, Rails S...
How to decrease coupling in your controllers & views with decent_exposure for better maintainability Posted by kfaustino on January 11, 2013 — 0 comments I wrote up a detailed post about the decent_exposure gem. It goes into how controllers and views have strong coupling due to the pa...
Asset pipeline internals, Sprockets and rake-pipeline Posted by jondot on January 11, 2013 — 0 comments I just published an article about asset pipeline internals covering how they work, and how to build your own with Sprockets or rake-pipeline.
Time zones in Rails can be a little confusing because they add support by modifying existing Ruby core/stdlib classes. Ruby has no time zone support but Rails actually does a good job. The key is to always use Time.zone rather than Time and to be aware of the difference between things...
In this talk, Jon Claudius and I talk about common security issues with Rails apps and encourage our security audience to find ways to meet with and work with the Ruby/Rails community.
Prodigy Finance has pioneered a new model of student finance in which a community of alumni fund students for a return on their investment. We think our model has the ability to change the way that students are funded across the world, and we have been featured in publications such as...
The security vulnerability in Ruby on Rails that took DigiD offline on Wednesday affects hundreds of thousands of websites. Rails is an open source framework for developing web applications in the Ruby programming language. According to the website builtwith.com, more than 240,000 web...
Waza 2013 Registration Open Posted by schneems on January 11, 2013 — 0 comments Last year Heroku's developer conference, Waza, sold out in hours. February 28th, 20 speakers; grab your ticket while you still can.
A recent security issue affecting the Rails component of the Ruby-on-Rails open source web application framework has prompted the immediate upgrade of the Rails stack on all our shared and reseller servers. This upgrade addresses the existing security issue, linked below, as well as u...
The Dutch government took the first step. It has shut down its system, DigiD, which allows users to access several online services. A government spokesperson told Nu.nl that the security hole needs to be closed before the platform is brought back online. The problem, as repo...
The Ruby development framework has been patched twice in recent days. In the crosshairs: closing two critical flaws that leave applications vulnerable. Twice in recent days the Ruby on Rails framework has been patched. The objective: to close two critical flaws...
On the 7th (US time) the Rails Core Team released versions addressing serious vulnerabilities found in Ruby on Rails. Ruby on Rails is a web application framework written in Ruby. This update fixes vulnerabilities in Action Pack and Active Record/JSON. The two vulnerabilities addressed are as follows.
Opportunity to innovate and engineer cutting edge, large scale web applications. Opportunity to get in on the ground floor of a successful, top tier start-up. Goodreads is the world's number one site for readers and book recommendations with over 13 million registered members. We're a...
Earlier this week, a serious advisory was posted to the Ruby on Rails security discussion list . Unknown hacker groups had found a way to exploit the web framework and threatened to release the vulnerabilities to the public. To many Rails experts, this was one of the worst security br...
This well-funded digital start-up is searching for a progressive Software Engineer with broad technology experience in Ruby who will help design and deliver a social marketplace solution that includes both a rich web experience and mobile capability. You will be part of ...
January 11, 2013, 4:20 PM — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source Web application framework built for use with the Ruby programming language. Ruby on Rails--or just Rails--gives Web developers the ability to gather information from W...