It feels like the amount of security news picks up again after summer. That holds for the Rails security project too, which has a few new articles about other forms of injection. And here are some interesting reads from elsewhere:
The Dropbox hack is real
Yes, the Dropbox hack is real, and this is proper journalism – verified and cross-checked before publishing.
Mitigating MIME Confusion Attacks in Firefox
Firefox now also supports the X-Content-Type-Options: nosniff response header as a defence against MIME-type sniffing.
Protecting your embedded content with subresource integrity (SRI)
Using subresource integrity (SRI)? Here’s how to add a fallback.
Did you like attr_accessible? Someone ported it to Rails 5.
Google Chrome, Firefox Address Bar Spoofing Vulnerability
A spooky browser vulnerability turns URLs around if it sees an RTL string.
Let’s look at some of the security at Github
Some security features at GitHub, including a hack for dangling markup.
The target="_blank" vulnerability by example
Antivirus Uploads with Clamby
Like this kind of article?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.