
Sessions at RubyConf Australia 2013 about Ruby

Thursday 21st February 2013

Friday 22nd February 2013

  • Hacking with Gems

    by Benjamin Smith

    What's the worst that could happen if your app has a dependency on a malicious gem? How easy would it be to write a gem that could compromise a box?

    Much of the Ruby community blindly trusts our gems. This talk will make you second guess that trust. It will also show you how to vet gems that you do choose to use.

    There are four malicious gems I will be presenting:

    • Harvesting passwords from requests going through a Rails app
    • Exposing the contents of a Rails app's database
    • Compromising the source code of a Rails app
    • Providing SSH access to a box at 'gem install' time and stealing gem cutter credentials (and going viral)

    My talk will increase awareness that these sorts of gems can exist in the wild, show how easy it is for anyone to build malicious gems, and give easy techniques for identifying these gems.

    At 2:15pm to 3:00pm, Friday 22nd February

    In Conference Room A, Jasper Hotel
