http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/ Internet Security Professionals comment on innovative phishing ploys, social engineering techniques, and the latest hacks. Bashing or bowing to the latest and greatest news in the security community. Keep up to speed with what phishers, hackers, and spammers are doing or just listen in on the latest geek rants. PhishMe is your one stop blog for the latest in anti-phishing and security news. Mon, 15 Mar 2010 18:32:47 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/comment-page-1/#comment-69 b3nn Wed, 21 Nov 2007 05:46:28 +0000 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/#comment-69 Sorry, updated the link for “cookie_store.rb” which did take you to an older version of the file. Brute forcing the HMAC is still possible. I'm sure there are cases where this type of session storage would make sense, but from a security stand point, it makes me nervous that this will be the default storage option. Sorry, updated the link for “cookie_store.rb” which did take you to an older version of the file. Brute forcing the HMAC is still possible. I’m sure there are cases where this type of session storage would make sense, but from a security stand point, it makes me nervous that this will be the default storage option.

]]> http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/comment-page-1/#comment-67 Jeremy Kemper Tue, 20 Nov 2007 22:52:56 +0000 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/#comment-67 Please see my comment on Part II debunking the claim of brute-force attack. Please see my comment on Part II debunking the claim of brute-force attack.

]]> http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/comment-page-1/#comment-62 PhishMe » Owning Rails 2.0 Cookies at OWASP: Part II Mon, 19 Nov 2007 19:05:14 +0000 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/#comment-62 [...] OWASP conference proved to be a great ground to bring up this topic of the proposed Rails 2.0 cookie storage [...] [...] OWASP conference proved to be a great ground to bring up this topic of the proposed Rails 2.0 cookie storage [...]

]]> http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/comment-page-1/#comment-61 higB Thu, 15 Nov 2007 15:58:50 +0000 http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/#comment-61 Great find Corey! Maybe it's not too late for this to be reconsidered. Great find Corey! Maybe it’s not too late for this to be reconsidered.

]]>