
A pretty huge exploit was found in Ruby on Rails. ⇒

   9 January 2013, mid-morning

It affects all versions of Rails from the last 6 years. This exploit comes on the heels of a SQL injection vulnerability found over the holidays. Writing secure code is tricky.

This is a post from my link log: If you click the title of this post you will be taken to the web page I am discussing.

Comments

  1. My coworker just got paged because of this issue (11:50 pm here). I am surprised it took Amazon this long to start notifying devs.

  2. Does Amazon use Rails for anything external? When Tyler was there I know he was doing Rails stuff, but it was all internal tools or some such thing.

    They have a Metasploit exploit available now.

  3. There are so many teams that I have no idea what people may own. I think some teams must own things external otherwise they wouldn’t page everyone haha.
