A good read about the worst-case scenario: stolen password hashes. A rate of 600 passwords in 3 weeks seems to be possible even with slow algorithms.
Safari will soon ship with Intelligent Tracking Prevention to prevent privacy violations by advertisers and their tracking cookies.
4-10% of encrypted web traffic is intercepted. Not all of these interceptions are malicious. Antivirus solutions and firewalls perform interception, mostly by installing their own certificate on the user's machine. But the interception weakens security because of basic cryptographic mistakes. Between 16% and 37% of the outgoing connections are easily vulnerable to man-in-the-middle attacks.
The mail gem was vulnerable to header injection in versions < 2.5.5. None of the 2.6 versions were vulnerable, due to a bug. Install 2.6.6 to get the fix for the vulnerability.