Vulnerability Rides Rails

Ruby on Rails has seen wide adoption since its introduction. It is a very powerful platform for rapid prototyping and development of web-based applications ranging from the trivial to the complex. Up until now, it was also thought to be very secure.

Now, all of that may change. As I write this, a very serious vulnerability has been identified in RoR. While the Rails management team has released a patch to RoR that they have termed a “mandatory upgrade”, it should be considered very likely that some group of attackers was already aware of the issue. As such, careful inspection of logs and related evidence should be performed for any and all RoR applications.

Given the wide range of applications deployed on RoR, organizations using it should be paying very careful attention and applying the upgrade as soon as possible.

Attackers have long focused on web applications as a primary target. We have seen wide-scale attacks against many other web platforms, from PHP to the Horde framework. Now some of that attention may shift to RoR. I, for one, hope it can handle the pressure…

This entry was posted in General InfoSec by Brent Huston.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!
