EFY Times  
Saturday, September 20, 2014

 

Dutch Govt Shuts Down Ruby on Rails Servers As Exploit Threat Increases
 
Friday, January 11, 2013

A couple of days back we reported an SQL injection vulnerability affecting all versions of the Ruby on Rails web framework. The first exploits have now started appearing, and several web servers have been hijacked. The vulnerability is in Active Record in all versions and has been assigned the CVE identifier CVE-2012-5664, according to officials. The hole is serious because it affects a large number of applications and servers. Anyone who runs a server with a Rails application is advised to update to the new releases.

security, malware, government, Ruby on Rails, sql injection, 3.2.10, 3.1.9, Ruby on Rails web framework, Dutch Govt




The Dutch government took the first step. It has shut down DigiD, the system that gives users access to several online services. A government spokesperson told Nu.nl that the security hole needs to be closed before the platform is brought back online.

The problem, as reported by developers, lies in the way dynamic finders in Active Record extract options from method parameters: a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL. All users running an affected release should either upgrade or apply one of the workarounds immediately.
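The option-extraction mistake described above can be modelled in a few lines, together with two ways of closing it. This is an added example, not code from the article or from Rails: `ToyPost`, `build_query`, `lookup` and the `CONSTRUCTED_FRAGMENT` value are hypothetical, and queries are only rendered as strings.

```ruby
# Toy model, constructed for illustration. Not Rails source: ToyPost and
# build_query are hypothetical. Queries are rendered as strings, never run.
module ToyPost
  # Options are interpolated as-is; the id is forced to a base-10 integer.
  def self.build_query(id, options = {})
    columns = options.fetch(:select, "*")
    where = id.nil? ? "id IS NULL" : "id = #{Integer(id.to_s, 10)}"
    "SELECT #{columns} FROM posts WHERE #{where}"
  end

  # Flawed shape: a trailing Hash is always peeled off as finder options,
  # even when it is the only argument and was meant to be the id value.
  def self.find_by_id_unsafe(*args)
    options = args.last.is_a?(Hash) ? args.pop : {}
    build_query(args.first, options)
  end

  # Stricter shape: a Hash counts as options only when it arrives in
  # addition to the single attribute value this finder expects.
  def self.find_by_id_strict(*args)
    options = args.size > 1 && args.last.is_a?(Hash) ? args.pop : {}
    build_query(args.first, options)
  end
end

# Caller-side workaround: coerce request input to a String before the finder
# sees it, so a Hash can no longer be mistaken for options.
def lookup(raw_id)
  ToyPost.find_by_id_unsafe(raw_id.to_s)
end

# Constructed input standing in for a request parameter that deserialized
# to a Hash instead of a scalar.
CRAFTED = { select: "CONSTRUCTED_FRAGMENT" }.freeze

if __FILE__ == $PROGRAM_NAME
  puts ToyPost.find_by_id_unsafe(42)
  puts ToyPost.find_by_id_unsafe(CRAFTED)   # fragment reaches the column list
  [-> { ToyPost.find_by_id_strict(CRAFTED) }, -> { lookup(CRAFTED) }].each do |call|
    begin
      call.call
    rescue ArgumentError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

In this model the coerced value is rejected by the integer conversion; the point in both hardened paths is that request data is handled only as a value and never as finder options.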

According to Insinuator, “The root cause of the vulnerability is Rails handling of formatted parameters. In addition to standard GET and POST parameter formats, Rails can handle multiple different data encodings inside the body of POST requests. By default JSON and XML are supported. While support for JSON is widely used in production, the XML functionality does not seem to be known by many Rails developers.”

Debashis Sarkar, EFYTIMES News Network


© Copyright 2014 EFY Enterprises Pvt. Ltd.
All rights reserved. Reproduction in whole or in part in any form or medium without written permission is prohibited.