Vulnerability in RubyOnRails Affects Twitter But Not IE8 Users

    Last week, a vulnerability was discovered in a popular cross-site scripting (XSS) -based Ruby On Rails web development engine.

    The vulnerability reached many popular services, including the notorious Twitter. The error crept into work with Unicode and allowed to reproduce arbitrary code in JavaScript. Detailed information on this incident can be found on Ars Technica . The error was quickly corrected, however, given the audience of the services, it could have a significant negative effect.

    At the same time, the vulnerability did not affect users of Internet Explorer 8. IE8 has a built-in XSS filter that automatically protects users from such attacks - code is blocked and a warning message is displayed at the top.

    This is additional evidence that the Internet is impossible without threats and attacks and that users need adequate protection. IE8 has a whole suite of tools for security and reliability. I described this in more detail in an online report .

    Let me remind you that according to a recent study, NSS Labs Internet Explorer 8 is the safest browser in the field of malware protection and phishing.

    Also popular now: