Real-world Ruby?


#1

Slashdot is currently featuring a story called “Boarding Pass Hacker
Targets Bank of America”
(http://it.slashdot.org/article.pl?sid=07/04/12/1444204), which links to
an entry in the “slight paranoia” blog
(http://paranoia.dubfire.net/2007/04/deceit-augmented-man-in-middle-attack.html)
about a demonstration phishing attack against the SiteKey service used
by Bank of America and other financial web sites.

About halfway down in the blog entry is this explanation:

“Our demonstration is based on a concise 130 line ruby script that
carries out this attack and that could be written by a phisher with
average skills and in a relatively short time.”

I guess this is evidence of use of Ruby in the enterprise, or at least
use of Ruby by enterprising phishers :slight_smile:


#2

On 12 Apr 2007, at 17:39, Tim H. wrote:

“Our demonstration is based on a concise 130 line ruby script that
carries out this attack and that could be written by a phisher with
average skills and in a relatively short time.”

I guess this is evidence of use of Ruby in the enterprise, or at least
use of Ruby by enterprising phishers :slight_smile:

You mean there are phishers who can code?
Or is this proof that Ruby really is useable by anyone?

Ellie

Eleanor McHugh
Games With Brains

raise ArgumentError unless @reality.responds_to? :reason


#3

Eleanor McHugh wrote:

On 12 Apr 2007, at 17:39, Tim H. wrote:

“Our demonstration is based on a concise 130 line ruby script that
carries out this attack and that could be written by a phisher with
average skills and in a relatively short time.”

I guess this is evidence of use of Ruby in the enterprise, or at least
use of Ruby by enterprising phishers :slight_smile:

You mean there are phishers who can code?
Or is this proof that Ruby really is useable by anyone?

Ellie

Eleanor McHugh
Games With Brains

raise ArgumentError unless @reality.responds_to? :reason

thank you Mr. Hunter… my worst fears come true… THE BIGGEST BADEST
thing for ruby is that this language is/going to be equated with
hakers!!! having read Bruce Tate’s From Jave to Ruby… an already
precarious would-be acceptance of ruby by way of it’s slow infusion into
the enterprise by successfull sideline projects will be DASH altogether
by accounts of how EASY hakers can use it against the enterprise…Dam
it i chose ruby because i need to get things quick and easy to fight my
fires here


#4

On 13 Apr 2007, at 13:30, Dave R. wrote:

fires here
Well conversely anything that gives ‘hackers’[1] so much potential
power should be on the radar of every major corporation.

Ellie
[1] The usual disclaimers about this use of the term apply:

I am a Hacker.
They are criminal mutant scum.
Your mileage may vary

Being and Doing are merely useful abstractions for the ‘time’-
dependent asymmetries of phase space.