04 Jan '13, 1am

Ruby on Rails Security Flaw Severe, but Not Widespread: Researcher

A security researcher finds a way to steal information from Web applications designed with Ruby on Rails and using a third-party authentication mechanism.

The developers for Ruby on Rails fixed a subtle bug in the Web development framework that could allow an attacker to take control of an application's database by SQL injection. While the impact of the bug could be severe, most applications are not vulnerable unless they use Authlogic, a third-party authentication framework, and have exposed their secret session key. Most applications developed in-house will not be vulnerable, as their developers have generated a secret hash-based message authentication code (HMAC) to act as the key or password for the application's security, Hongli Lai, chief technology officer for Ruby development firm Phusion, wrote in an analysis of the vulnerability. Yet, publicly-available applicati...

Full article: http://www.eweek.com/developer/ruby-on-rails-security-fla...

Tweets

Ruby on Rails security updates address SQL inje...

networkworld.com 03 Jan '13, 7pm

IDG News Service - The developers of Ruby on Rails, a popular Web application development framework for the Ruby programmi...

Ruby on Rails security updates address SQL inje...

infoworld.com 03 Jan '13, 2pm

The developers of Ruby on Rails, a popular Web application development framework for the Ruby programming language, releas...

Ruby on Rails security updates address SQL inje...

news.techworld.com 03 Jan '13, 3pm

Ruby on Rails developers have released versions 3.2.10, 3.1.9, and 3.0.18 of the popular web application development frame...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

All Ruby on Rails versions affected by SQL inje...

net-security.org 03 Jan '13, 3pm

Three new versions of popular open source web application framework Ruby on Rails have been released on Wednesday in order...

Ruby on Rails security updates address SQL inje...

csoonline.com 04 Jan '13, 3pm

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...

Ruby on Rails updates address SQL injection fla...

computerworld.com 03 Jan '13, 3pm

IDG News Service - The developers of Ruby on Rails, a popular open source Web application development framework for the Ru...

Ruby on Rails SQL Injection Flaw a Non-Issue for Most Organizations #ccureit

Ruby on Rails SQL Injection Flaw a Non-Issue fo...

securityweek.com 04 Jan '13, 12pm

“The Ruby on Rails SQL injection flaw highlighted in CVE-2012-5664 is a non-issue for most organizations and application d...

#Anonymous #Cyberwar CVE-2012-5664 :All Ruby on...

ehackingnews.com 04 Jan '13, 1am

A SQL Injection vulnerability has been discovered in Ruby on Rails that affects all current versions of the web framework....

Ruby on Rails Web Development For Rapid Development:

Ruby on Rails Web Development For Rapid Develop...

talentsfromindia.com 05 Jan '13, 8am

Ruby on Rails, often known as ROR or Rails is an open source web development application framework for the Ruby programmin...

Ruby & Rails security guides: #ruby #rails <bit...

code.google.com 06 Jan '13, 12pm

>> "foo".private_methods.sort => [:Array, :Complex, :Float, :Integer, :Rational, :String, :__callee__, :__method__, :_exec...

New flaw in Ruby on Rails:

infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported, “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...
