The effects of the recent vulnerabilities discovered in Ruby on Rails are beginning to be felt, and many are concerned that the situation could get worse as automated exploitation tools begin to detect the issue.
The first effects of the recently discovered Ruby on Rails exploit are beginning to be felt, with the Dutch government pulling its digital ID system briefly offline after realising that it was vulnerable.
The Dutch system, called DigiD, allows users to access a number of the government's online services. The government decided to shut the system down yesterday, with a spokesperson for the company telling Nu.nl that it was necessary to close a security issue with the Ruby on Rails platform it was running on.
The move comes as an update arrives to Rapid7's Metasploit framework (which coincidentally also runs Ruby on Rails). It now allows administrators to quickly scan hosts for vulnerable Rails instances and verify that they can be exploited. Unfortunately, the availability of such tools also means that malicious users are able to quickly automate the process of identifying targets to attack.