What The Rails Security Issue Means For Your Startup

www.kalzumeus.com

Rubygems used YAML to hold metadata about each gem submitted to it. An attacker was able to create a malicious gem, cause the Rubygems web application to evaluate the metadata contained in it, and thereby compromise the Rubygems server infrastructure. You now have a public relations nightmare on your hands.
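One way to read untrusted metadata of this kind without letting the YAML document choose which Ruby objects get built, as an added example that is not code from the article or from Rubygems. The function name, the `ALLOWED_KEYS` policy and the sample documents are assumptions constructed for illustration.

```ruby
require "yaml"

# Hypothetical policy: metadata is a flat mapping of these keys to strings.
ALLOWED_KEYS = %w[name version summary].freeze

# Constructed samples: plain metadata, and a document carrying an object tag
# that names a class (the class is made up and does not need to exist).
BENIGN = "name: example\nversion: 1.0.2\nsummary: A constructed sample\n"
TAGGED = "--- !ruby/object:Hypothetical::Widget\nname: example\n"

# Returns [:ok, hash] or [:rejected, reason].
# YAML.safe_load with an empty permitted_classes list only builds basic
# scalars, arrays and hashes; any tag naming another class raises instead
# of instantiating it. Aliases are refused as well.
def load_gem_metadata(yaml_text)
  data = YAML.safe_load(yaml_text, permitted_classes: [], aliases: false)
  return [:rejected, "top level is not a mapping"] unless data.is_a?(Hash)

  unknown = data.keys - ALLOWED_KEYS
  return [:rejected, "unexpected keys: #{unknown.join(', ')}"] unless unknown.empty?

  bad = data.reject { |_, value| value.is_a?(String) }
  return [:rejected, "non-string values: #{bad.keys.join(', ')}"] unless bad.empty?

  [:ok, data]
rescue Psych::DisallowedClass => e
  [:rejected, "object tag refused: #{e.message}"]
rescue Psych::BadAlias, Psych::SyntaxError => e
  [:rejected, "malformed or aliased YAML: #{e.class}"]
end

if $PROGRAM_NAME == __FILE__
  p load_gem_metadata(BENIGN)
  p load_gem_metadata(TAGGED)
end
```

The schema check after parsing matters as much as the safe loader: it keeps later code from receiving a shape it did not expect even when every value is a harmless type.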

Security 101