|
WebApp Sec
mailing list archives
Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Thu, 10 Aug 2006 13:34:05 -0400
On 8/10/06, James Pujals <james.pujals () sterlingpayment com> wrote:
>> "The issue is in fact of such a criticality that we're not going to dig
>> into the specifics. No need to arm would-be assalients."
Security by obscurity -- right. How are people supposed to take seriously a
call to modify production software without any information at all on the issues
being addressed? "You must install this patch or else Something Bad will
happen, but I can't tell you what. Trust Me (tm)."
How much money, time, and planning go into computer security? And
yet, time after time, some things are just questions of credibility.
Time for a Dirty Harry quote:
"You've got to ask yourself one question: 'Do I feel lucky?' Well, do ya, punk?"
(No offense to any Ruby on Rails admins out there. I have no
knowledge as to whether you are punks or not.)
Regards,
Brian
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC.
Download a free trial of AppScan today and see why more customers choose
AppScan then any other solution. Try it today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
| 
Intro
