Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability



On 8/10/06, James Pujals <james.pujals@xxxxxxxxxxxxxxxxxxx> wrote:
>> "The issue is in fact of such a criticality that we're not going to dig
>> into the specifics. No need to arm would-be assailants."

Security by obscurity -- right.  How are people supposed to take seriously a
call to modify production software without any information at all on the issues
being addressed?  "You must install this patch or else Something Bad will
happen, but I can't tell you what.  Trust Me (tm)."

How much money, time, and planning go into computer security? And yet, time after time, some things are just questions of credibility. Time for a Dirty Harry quote:

"You've got to ask yourself one question: 'Do I feel lucky?' Well, do ya, punk?"

(No offense to any Ruby on Rails admins out there.  I have no
knowledge as to whether you are punks or not.)

Regards,
Brian

----------------------------------------------------------------------------
The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/


The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



