WebApp Sec mailing list archives

Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability


From: "Brian Eaton" <eaton.lists () gmail com>
Date: Thu, 10 Aug 2006 13:34:05 -0400

On 8/10/06, James Pujals <james.pujals () sterlingpayment com> wrote:
>> "The issue is in fact of such a criticality that we're not going to dig
>> into the specifics. No need to arm would-be assailants."

Security by obscurity -- right.  How are people supposed to take seriously a
call to modify production software without any information at all on the issues
being addressed?  "You must install this patch or else Something Bad will
happen, but I can't tell you what.  Trust Me (tm)."

How much money, time, and planning go into computer security?  And
yet, time after time, some things are just questions of credibility.
Time for a Dirty Harry quote:

"You've got to ask yourself one question: 'Do I feel lucky?' Well, do ya, punk?"

(No offense to any Ruby on Rails admins out there.  I have no
knowledge as to whether you are punks or not.)

Regards,
Brian
