Ruby On Rails Exploit Used To Build IRC Botnet 91
Trailrunner7 writes "Developers who have not updated their Ruby on Rails installations with a five-month-old security patch would do well to secure the Web development framework now. Exploit code has surfaced for CVE-2013-0156 that is being used to build a botnet of compromised servers. Exploit code has been publicly available since the vulnerability was disclosed in January on Github and Metasploit, yet the vulnerability had not been exploited on a large scale until now, said security researcher Jeff Jarmoc."
One reason your web server firewall might want to block IRC connections to arbitrary hosts.
Fix is here... (Score:5, Funny)
Fix is here.
http://www.asp.net/ [asp.net]
Re:Is there a reason *not* to block ports? (Score:2, Funny)
Re:Hah! (Score:5, Funny)
It's a locomotive-driven precious stone.