About Joe Atzberger
Joe Atzberger (atz) is a library hacker in Palo Alto, CA. He worked with Galen at both LibLime and Equinox Software, Inc. as an open source developer on Koha and Evergreen. Joe currently works on Hydra and institutional digital repository infrastructure at Stanford.
Automated hacking tools are already equipped to exploit this one: http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/ Despite still being common practice for thicker web apps, Java in the browser remains a big problem for security. Consider disabling or uninstalling your browsers’ Java if you don’t …
A new SQL-injection vulnerability for the new year, this time in an otherwise common and innocuous-looking part of Ruby on Rails’ ActiveRecord:

    Post.find_by_id(params[:id])

It is disappointing that the default ORM in Rails cannot yet safely query by identifier, a task …
The likelihood of a code exploit on a device as specialized as the PIN/signature pads is small relative to that on the networked, general-purpose point-of-sale systems they interface with. Look for more info to emerge on this one: http://nj1015.com/barnes-and-noble-pin-pads-hacked-in-nine-states/ For …