"Many security lecture attendees leave in the middle to check their Githubs after I demonstrate arb. file read == RCE on Rails" MT @alinajaf
@steveklabnik @alinajaf If you coerce Rails to coughing up any file on disk: read secret key for CookieStore, then DeserialKiller via cookie
@patio11 @steveklabnik Which, by the way, is still perfectly doable with the new secrets.yml thingie we're doing now.
@steveklabnik @patio11 Much to my chagrin, I'm consistently surprised at the number of developers for whom this *is* something new.