Normally I don't post messages about exploits, because I'd have little time for anything else, but this one is severe, widespread, and there's exploit code in the wild, publicly available.
If you or anyone in your organization has a Ruby on Rails app, of whatever vintage, current or legacy, there's a good chance it can be exploited remotely. When the app is exploited, depending on how it is written, all of the data in the app could be stolen, and it's possible even the machine itself could be compromised. Please let your coworkers know action is needed immediately.

Details can be found at:

https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
http://news.ycombinator.com/item?id=5028218

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

