Hi everyone

It's been pointed out to me that the Ruxmon Melbourne group that talks about security every month will feature a talk on exploiting Rails/ActiveRecord on the 29th - perhaps of interest to some on this list.
(I think this exploit has been patched in the latest releases for 3.0, 3.1 and 3.2 - so you may want to spend some time upgrading appropriately).

Cheers

--
Pat

Begin forwarded message:

> Pat, hope you're well.. can you please forward this Ruxmon Melbourne
> talk on exploiting Rails to the RoRo group for me?
>
> Donal
>
>
> ---------- Forwarded message ----------
> From: Silvio Cesare <[email protected]>
> Date: Mon, Jun 25, 2012 at 12:30 PM
> Subject: [ruxmon-melbourne] Ruxmon Melbourne - June 29th - 6:00PM
> To: [email protected]
>
>
> Ruxmon Melbourne is on this Friday. As usual, we will adjourn to the
> Oxford Scholar for a meal and a bit of a meet and greet.
>
> Ruxmon presentations are intended to be short (between 10-30 minutes),
> a projector and screen will be provided. We encourage participation
> from everyone and hope to see a variety of presentations over the
> coming months. Any topic is welcome, a presentation could be as simple
> as speaking for 10 minutes about a project you are currently working
> on. If you are interested please email [email protected].
>
> For more information please see: http://www.ruxcon.org.au/ruxmon
>
> Presentations
>
> Exploiting latest ActiveRecord/Rails bug (CVE-2012-2661) - Louis
>
> This talk will present how it is possible to exploit the latest
> ActiveRecord/Rails vulnerability to retrieve arbitrary information.
> This vulnerability is an example of an interesting and challenging SQL
> injection...
>
> Louis is a security consultant. In his spare time, he works on 2 side
> projects (pntstr.com and pentesterlab.com).
>
> Measuring Gaps - Matt J
>
> Matt will be giving a walk-through on his experiences integrating
> different SecTech together to help improve data analysis capabilities
> and defensive awareness. A variety of examples will be shown plus a
> look at different gotchas and flaws you may encounter doing this type
> of development in practice.
>
> Details
>
>
> Date: Friday, 29th June
> Time: 6:00PM
> Location: RMIT University, City Campus
> https://my.rmit.edu.au/portal/page/portal/RMITPortal/campusmaps?dsize=max
> Room 008.09.42 (Building 8, Level 9, Room 42)
>
> The RMIT Building 8 entrance is on Swanston Street (just past Swanston
> and La Trobe street intersection). Please take the lift to Level 9
> and make your way to Room 42.
>
> --
> d^_^b
> Donal
