EFY Times  
Monday, November 24, 2014

 

Dutch Govt Shuts Down Ruby on Rails Servers As Exploit Threat Increases
 
Friday, January 11, 2013

A couple of days ago we reported on an SQL injection vulnerability affecting all versions of the Ruby on Rails web framework. The first exploits have started appearing, and several web servers have been hijacked. The SQL injection vulnerability is in Active Record in all versions. According to officials, it has been assigned the CVE identifier CVE-2012-5664. The hole is serious because it affects a large number of applications and servers. Anyone who runs a server with a Rails application is advised to update to the new releases.

Tags: security, malware, government, Ruby on Rails, SQL injection, 3.2.10, 3.1.9, Ruby on Rails web framework, Dutch Govt




The Dutch government took the first step. It has shut down its system, dubbed DigiD, which allows users to access several online services. The government spokesperson told Nu.nl that the security hole needs to be closed before the platform can run again.

The problem, as reported by developers, lies in the way dynamic finders in Active Record extract options from method parameters: a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL. All users running an affected release should either upgrade or apply one of the workarounds immediately.
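The parameter confusion described above can be modelled in a few lines of plain Ruby. This is an added example, not Rails source and not code from the original article: `ToyFinder` and its methods are hypothetical, the SQL is only built as a string and never executed, and the hardened variant assumes a workaround of the kind mentioned above (coercing the request value to a String before it reaches the finder).

```ruby
# Simplified model of the flaw. All names here are hypothetical.
module ToyFinder
  TABLE = "users"

  # The risky pattern: a trailing Hash argument is treated as query options.
  def self.extract_options!(args)
    args.last.is_a?(Hash) ? args.pop : {}
  end

  # Quote a value as an SQL string literal (single quotes doubled).
  def self.quote(value)
    "'" + value.to_s.gsub("'", "''") + "'"
  end

  # Vulnerable shape: if the caller's *value* is a Hash, it is consumed as
  # options, and option text is placed into the statement unescaped.
  def self.find_by_name_unsafe(*args)
    options = extract_options!(args)
    value   = args.first
    cond    = value.nil? ? "name IS NULL" : "name = #{quote(value)}"
    "SELECT #{options.fetch(:select, '*')} FROM #{TABLE} WHERE #{cond}"
  end

  # Hardened call site: coerce to String so the argument can only ever be
  # a value, never an options Hash.
  def self.find_by_name_safe(raw)
    find_by_name_unsafe(raw.to_s)
  end
end

if __FILE__ == $0
  # Constructed sample input: a Hash where a scalar was expected.
  crafted = { select: "id, secret_column" }
  puts ToyFinder.find_by_name_unsafe("alice")   # normal lookup
  puts ToyFinder.find_by_name_unsafe(crafted)   # Hash changes the statement
  puts ToyFinder.find_by_name_safe(crafted)     # Hash is quoted as a value
end
```

In the unsafe call the Hash never reaches the `WHERE` clause as a value; it rewrites the column list instead, which is why type checks on request parameters matter even when values are quoted correctly.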

According to Insinuator, “The root cause of the vulnerability is Rails handling of formatted parameters. In addition to standard GET and POST parameter formats, Rails can handle multiple different data encodings inside the body of POST requests. By default JSON and XML are supported. While support for JSON is widely used in production, the XML functionality does not seem to be known by many Rails developers.”

Debashis Sarkar, EFYTIMES News Network

