I'm not sure we want to tar such a large group with the one brush. The Ruby team implemented Coda Hale's patch three years ago.
There have always been Rubyists who care about security but I think 2013 is going to be a wake up call for many. Who are the leading voices for security in the Ruby world? Now is their time to be heard. :-) - Mike On Sat, Feb 9, 2013 at 11:41 PM, Simon Russell <si...@bellyphant.com> wrote: > Also, for those arguing as to whether the Ruby community has a problem > taking security seriously -- that vulnerability was reported to the Rack > team a little over three years ago. On the upside, I guess that means > no-one has successfully completed an attack (that is widely known about). > > > On Sat, Feb 9, 2013 at 11:33 PM, Simon Russell <si...@bellyphant.com>wrote: > >> These (from the NIST vulnerability summary) are interesting reading: >> >> http://codahale.com/a-lesson-in-timing-attacks/ >> >> https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0 >> https://gist.github.com/codahale/f9f3781f7b54985bee94 >> >> >> On Sat, Feb 9, 2013 at 11:20 PM, Charlie Somerville < >> char...@charliesomerville.com> wrote: >> >>> On Saturday, February 9, 2013 12:02:12 PM UTC+11, Mario Visic wrote: >>>> >>>> after a successful timing attack. >>> >>> >>> aka. this one isn't really that severe. Timing attacks, while >>> theoretically possible, are not at all easy to pull off. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ruby or Rails Oceania" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to rails-oceania+unsubscr...@googlegroups.com. >>> To post to this group, send email to rails-oceania@googlegroups.com. >>> Visit this group at http://groups.google.com/group/rails-oceania?hl=en. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >>> >>> >> >> > -- > You received this message because you are subscribed to the Google Groups > "Ruby or Rails Oceania" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rails-oceania+unsubscr...@googlegroups.com. > To post to this group, send email to rails-oceania@googlegroups.com. > Visit this group at http://groups.google.com/group/rails-oceania?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- *- Mike* * * e. m...@bailey.net.au w. mike.bailey.net.au -- You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group. To unsubscribe from this group and stop receiving emails from it, send an email to rails-oceania+unsubscr...@googlegroups.com. To post to this group, send email to rails-oceania@googlegroups.com. Visit this group at http://groups.google.com/group/rails-oceania?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
