Ruby on Rails security reading list (password hack edition) #13

With the recent (or not so recent) password leaks at Twitter, VK and LinkedIn, it also became clear that people reuse the same passwords across services. On Tuesday, someone used those leaked password lists to sign in to GitHub accounts. Is this a reason for apps to provide or promote two-factor authentication (2FA)?
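What providing TOTP-based 2FA involves on the server side, as an added example that is not from the newsletter or any of the linked articles: a pure-Ruby implementation of RFC 4226 HOTP and RFC 6238 TOTP using only OpenSSL from the standard library, with a constant-time comparison, a clock-drift window and a replay check. The `last_counter` parameter, the drift window and the demo time values are assumptions for illustration; the sample secret is the RFC 6238 test-vector key, so the codes it produces can be checked against the RFC tables.

```ruby
require 'openssl'

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically
# truncated to a 31-bit integer and reduced to `digits` decimal digits.
def hotp(secret, counter, digits: 6)
  msg  = [counter].pack('Q>')
  hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), secret, msg)
  offset = hmac.getbyte(19) & 0x0f
  code = ((hmac.getbyte(offset) & 0x7f) << 24) |
         (hmac.getbyte(offset + 1) << 16) |
         (hmac.getbyte(offset + 2) << 8) |
         hmac.getbyte(offset + 3)
  (code % 10**digits).to_s.rjust(digits, '0')
end

# RFC 6238 TOTP: HOTP with the counter derived from the Unix time step.
def totp(secret, unix_time, step: 30, digits: 6)
  hotp(secret, unix_time.to_i / step, digits: digits)
end

# Constant-time comparison, so a wrong code does not leak how many leading
# digits matched through response timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Verify a submitted code against the current time step plus/minus `window`
# steps of clock drift. `last_counter` (assumed to be stored per user) is the
# time step of the last code the user successfully used; codes at or below it
# are rejected, so a captured code cannot be replayed within its validity
# window. Returns the matching counter (persist it as the new last_counter)
# or nil when nothing matched.
def verify_totp(secret, submitted, unix_time, last_counter: -1, step: 30, digits: 6, window: 1)
  now = unix_time.to_i / step
  (now - window..now + window).each do |counter|
    next if counter <= last_counter
    return counter if secure_compare(hotp(secret, counter, digits: digits), submitted)
  end
  nil
end

if $PROGRAM_NAME == __FILE__
  rfc_secret = '12345678901234567890'            # RFC 6238 test-vector key
  puts "TOTP at t=59 (8 digits): #{totp(rfc_secret, 59, digits: 8)}"
  puts "verify fresh code:  #{verify_totp(rfc_secret, '287082', 59).inspect}"
  puts "verify replayed:    #{verify_totp(rfc_secret, '287082', 59, last_counter: 1).inspect}"
end
```

In a real app the shared secret is generated with a CSPRNG at enrollment, stored per user, and shown once as a QR code; the counter returned by `verify_totp` must be written back before the login is accepted, otherwise the replay check protects nothing.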
Ah, and here are this week’s articles worth reading:

Rails 5 changes protect_from_forgery execution order

Self-Destructing Cookies

Another privacy add-on for Firefox: it deletes the cookies a site set as soon as you close its tab.

Should you use Ruby’s SecureRandom?

There is an ongoing discussion about the security of Ruby’s SecureRandom module; some researchers now recommend using a different gem instead.

Ruby authentication: Secure your Rack application with JWT

Hack: XSS via a Facebook page name

A reminder that XSS really can happen anywhere.

HelpSpot Vault

A service for sending encrypted messages that expire.

PS: This newsletter grows only by word of mouth. If you think someone could be interested in it, please use the sharing (Twitter, E-Mail) below. Thank you!