WebApp Sec mailing list archives
Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Thu, 10 Aug 2006 13:34:05 -0400
On 8/10/06, James Pujals <james.pujals () sterlingpayment com> wrote:
>> "The issue is in fact of such a criticality that we're not going to dig
>> into the specifics. No need to arm would-be assailants."

Security by obscurity -- right. How are people supposed to take seriously a call to modify production software without any information at all on the issues being addressed? "You must install this patch or else Something Bad will happen, but I can't tell you what. Trust Me (tm)."

How much money, time, and planning go into computer security? And yet, time after time, some things are just questions of credibility.

Time for a Dirty Harry quote: "You've got to ask yourself one question: 'Do I feel lucky?' Well, do ya, punk?"

(No offense to any Ruby on Rails admins out there. I have no knowledge as to whether you are punks or not.)

Regards,
Brian