CVE-2015-1828: HTTPS MitM vulnerability in http.rb: https://groups.google.com/forum/?hl=en#!topic/httprb/jkb4oxwZjkU …
@bascule link to source? Several ways to botch :/
@bascule yup. Can think of two or three ways you could pop Ruby but not a browser...
@sleevi_ so far: not verifying the chain, not verifying the hostname, and “custom” unmanaged truststores…
@sleevi_ I am guessing there are many Ruby client libs that are vulnerable to at least one of those