Java Zero Day Exploit Coming Soon To a Browser Near You

Automated hacking tools are already equipped to exploit this one:

Although it is still common practice for thicker web apps, Java in the browser remains a big security problem. Consider disabling or uninstalling Java in your browsers if you don’t positively need it.

New Rails SQL Injection Vulnerability Uncovered

A new SQL-injection vulnerability for the new year, this time in an otherwise common and innocuous-looking part of Ruby on Rails’ ActiveRecord:


It is disappointing that the default ORM in Rails cannot yet safely query by identifier, a task made trivial by pre-compiled DBI queries using placeholders, or in this case, a single placeholder!

Check the original post for a workaround.
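
The single-placeholder lookup mentioned above, shown next to the string-built query it replaces. This is an added example, not code from the original post or from Rails. It uses Python's built-in sqlite3 module in place of DBI, and the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def find_by_id_unsafe(db, user_id):
    """Anti-pattern: the identifier becomes part of the SQL text itself."""
    sql = f"SELECT id, name FROM users WHERE id = {user_id}"
    return db.execute(sql).fetchall()

def find_by_id(db, user_id):
    """One placeholder: the SQL text is fixed and the value is bound as data."""
    # Accept only scalar identifiers; reject dicts, lists and other
    # structured input before it reaches the database driver.
    if isinstance(user_id, bool) or not isinstance(user_id, (int, str)):
        raise TypeError("identifier must be a scalar int or str")
    sql = "SELECT id, name FROM users WHERE id = ?"
    return db.execute(sql, (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input that is not a plain identifier
    print("string-built:", find_by_id_unsafe(db, crafted))  # every row
    print("placeholder: ", find_by_id(db, crafted))         # no row
    print("placeholder: ", find_by_id(db, "2"))             # the one row asked for
```

With the placeholder, the crafted string is compared to the `id` column as a value and matches nothing, while the string-built query parses it as SQL and returns the whole table.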