http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/ Posts about innovative phishing ploys, social engineering techniques, and the latest hacks. PhishMe is your one stop blog for the latest in anti-phishing and security news. Sat, 04 Feb 2012 10:16:28 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/comment-page-1/#comment-69 b3nn Wed, 21 Nov 2007 00:46:28 +0000 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/#comment-69 Sorry, updated the link for “cookie_store.rb” which did take you to an older version of the file. Brute forcing the HMAC is still possible. I'm sure there are cases where this type of session storage would make sense, but from a security stand point, it makes me nervous that this will be the default storage option. Sorry, updated the link for “cookie_store.rb” which did take you to an older version of the file. Brute forcing the HMAC is still possible. I'm sure there are cases where this type of session storage would make sense, but from a security stand point, it makes me nervous that this will be the default storage option.

]]> http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/comment-page-1/#comment-67 Jeremy Kemper Tue, 20 Nov 2007 17:52:56 +0000 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/#comment-67 Please see my comment on Part II debunking the claim of brute-force attack. Please see my comment on Part II debunking the claim of brute-force attack.

]]> http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/comment-page-1/#comment-62 PhishMe » Owning Rails 2.0 Cookies at OWASP: Part II Mon, 19 Nov 2007 19:05:14 +0000 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/#comment-62 [...] OWASP conference proved to be a great ground to bring up this topic of the proposed Rails 2.0 cookie storage [...] [...] OWASP conference proved to be a great ground to bring up this topic of the proposed Rails 2.0 cookie storage [...]

]]> http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/comment-page-1/#comment-61 higB Thu, 15 Nov 2007 10:58:50 +0000 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/#comment-61 Great find Corey! Maybe it's not too late for this to be reconsidered. Great find Corey! Maybe it's not too late for this to be reconsidered.

]]>