Security News
To create lists you need to add special tags at the start and end of the list, and then special tags at the start and end of each item, which makes proofreading harder than it needs to be, like this. Worse, your marked-up text only works on websites, or in browser-like windows, so you need a plethora of conversion tools anyway if you also want to render your documents into plain ASCII, or some other widely-used format such as PDF, RTF or DOCX. Worst, not all HTML markup can readily be converted into other formats, so you need to remember which HTML constructs you're not allowed to use, in case you end up with a document where most, but not all, of the content can be rendered in other types of file.
Maintainers behind the Ruby programming language have revised the project's Code of Conduct on GitHub to remove tolerating opposing viewpoints as a prerequisite. On September 29th, in a pull request titled, "Remove abuse enabling language," software engineer Jake Herrington proposed that Ruby's Code of Conduct be revised to ensure everyone in the community feels safe.
A legitimate file may be called "Thisisafile.exe," while a malicious impersonator may call itself "This1safile.exe." Unobservant users could thus download the malicious file by mistake. If developers accidentally downloaded the rogue files instead of the legitimate gems they were looking for, the software packages they built using the libraries would automatically harbor the Bitcoin-stealer, endangering all users of that software.
A Ruby software package that contained a malicious backdoor has been removed from the Ruby Gems repository after compromising over ten libraries. Called rest-client, the gem was designed to help...
The compromise of several older versions of a popular Ruby software package (aka a Ruby “gem”) has led to the discovery of a more widespread effort to inject malware and mining software through...
Developer account cracked due to credential reuse, source tampered with and released to hundreds of programmers. An old version of a Ruby software package called rest-client that was modified and...
An eagle-eyed developer has discovered a backdoor recently sneaked into a library (or ‘gem’) used by Ruby on Rails (RoR) web apps to check password strength.
A developer discovered that an update released for the 'strong_password' Ruby gem contained malicious code that allowed an attacker to remotely execute arbitrary code.
At F8 today, Facebook released SDKs and documentation for the integration of Delegated Account Recovery into Java, NodeJS and Ruby applications.
Dawnscanner is an open source static analysis scanner designed to review the security of web applications written in Ruby. Dawnscanner’s genesis: Its developer, Paolo Perego, says that he was...