Wednesday, May 4, 2016

Ruby on Rails, PHP and Node.js Applications Accepting Image Uploads Vulnerable to Remote Code Execution Through ImageMagick

If your project accepts image uploads, your application could be at risk.

A new vulnerability in the image conversion package ImageMagick (CVE-2016-3714, widely referred to as ImageTragick) has been reported. It allows an attacker to upload a crafted file which, when ImageMagick processes it as an image, executes commands on your server.

ImageMagick is a system-level package for image manipulation that is heavily used by web applications built on Node.js, Ruby on Rails and PHP, usually through a wrapper library (RMagick, MiniMagick, Paperclip or CarrierWave in Ruby, the Imagick extension in PHP, the imagemagick or gm modules in Node.js) that shells out to or links against the same `convert` binary. Bottom line: if your application accepts image uploads and resizes or converts them, there is a very good chance it relies on ImageMagick and is vulnerable.

This link outlines the steps you should take to mitigate the risk. If you or your team needs help addressing this, please contact me.
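ImageMagick chooses its decoder from the file's contents, not from the extension or the Content-Type the browser sends, so the application-side check that matters is whether the uploaded bytes really are one of the raster formats you accept. The following is an added example in Ruby, not code from the original post; the `MAGIC` table, the `detect_image_type` and `accepted_image?` helpers and the sample byte strings are my own, and the sample inputs are constructed rather than real files. It belongs in front of whatever hands the upload to ImageMagick, alongside a restrictive ImageMagick policy.xml on the server; it is not a substitute for patching.

```ruby
require "stringio"

# Leading bytes ("magic numbers") of the only formats this app accepts.
# Anything else, including SVG, MVG, PostScript or plain text dressed up
# with a .png extension, is rejected before ImageMagick ever sees it.
MAGIC = {
  "image/png"  => ["\x89PNG\r\n\x1a\n".b],
  "image/jpeg" => ["\xFF\xD8\xFF".b],
  "image/gif"  => ["GIF87a".b, "GIF89a".b],
}.freeze

class UnsupportedImage < StandardError; end

# Returns the detected MIME type or raises UnsupportedImage.
# Reads only the first 8 bytes, so large uploads cost nothing extra,
# and rewinds the stream so the caller can still pass it on.
def detect_image_type(io)
  header = io.read(8).to_s.b
  io.rewind if io.respond_to?(:rewind)
  MAGIC.each do |mime, signatures|
    return mime if signatures.any? { |sig| header.start_with?(sig) }
  end
  raise UnsupportedImage,
        "header #{header.unpack('H*')[0]} matches no accepted image format"
end

# Boolean form for use in a model validation or an upload controller.
def accepted_image?(io)
  detect_image_type(io)
  true
rescue UnsupportedImage
  false
end

# Constructed sample inputs (hypothetical, not real files).
REAL_PNG  = "\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR".b
REAL_JPEG = "\xFF\xD8\xFF\xE0\x00\x10JFIF".b
# A text document uploaded as "photo.png": the extension is a lie, and
# ImageMagick would pick a text-based coder for it, not the PNG decoder.
FAKE_PNG  = "<?xml version=\"1.0\"?><svg xmlns=\"http://www.w3.org/2000/svg\"/>".b

if __FILE__ == $0
  [REAL_PNG, REAL_JPEG, FAKE_PNG].each do |bytes|
    puts "#{bytes[0, 8].inspect} -> #{accepted_image?(StringIO.new(bytes))}"
  end
end
```

Run the detected type, not the client-supplied one, through to the conversion step (for example by passing an explicit input format to the wrapper), and keep the accepted list as short as the application allows.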

Friday, April 29, 2016

Upgrade your SSH experience with Mosh

I am a remote developer who relies on SSH to wrangle code and servers.

On top of this, part of my day is spent at a secure off-the-grid location where it's a pure miracle that high-speed wireless internet exists at all. With this miracle comes the reality of latency. Typical SSH latency over WiMAX in my location is about 400-500 ms. Not unbearable, but it is not the same as having a wired connection.

Enter mosh. Mosh replaces the interactive SSH session rather than SSH itself: it logs in over SSH, starts mosh-server on the remote host, and then moves the terminal session onto its own UDP-based protocol with predictive local echo, which is what keeps it responsive over Wi-Fi, cellular and long-distance links and lets a session survive roaming and sleep. The trade-off is that the server must accept inbound UDP on mosh's port range (60000-61000 by default), and SSH-only features such as port forwarding and agent forwarding are not carried over the mosh session.

I installed from git and, as advertised, it just worked. In fact, since it issues the ssh command itself, on a *nix based system your configured ssh connection alias also works.
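Because mosh only uses ssh to bootstrap the session, the one piece of setup that is genuinely new is the UDP port range on the server, and opening all of 60000-61000 is more than a single developer needs. The following is an added example (not from the original post) that pins mosh to a small range with `-p` and opens only that range; the host alias `devbox` is hypothetical and the firewall rule assumes an iptables-managed server.

```bash
#!/bin/sh
# Added example, not part of the original post. Assumes an ssh_config alias
# "devbox" (hypothetical) and an iptables firewall on the server.

# Validate a mosh "LOW:HIGH" UDP port range: digits only, unprivileged,
# in bounds, and ordered. A single port "60001" is accepted as well.
mosh_port_range_ok() {
    range=$1
    low=${range%%:*}
    high=${range##*:}
    case "$low$high" in *[!0-9]*|'') return 1 ;; esac
    [ "$low" -ge 1024 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]
}

# Print the server-side rule admitting only that UDP range.
# iptables writes a port range as LOW:HIGH, the same syntax mosh uses.
mosh_firewall_rule() {
    mosh_port_range_ok "$1" || return 1
    printf 'iptables -A INPUT -p udp --dport %s -j ACCEPT\n' "$1"
}

# Print the client command. The alias is passed straight through to ssh,
# so HostName, User, Port and IdentityFile from ~/.ssh/config all apply;
# -p tells mosh-server which UDP range to bind on the remote side.
mosh_client_cmd() {
    mosh_port_range_ok "$2" || return 1
    printf 'mosh -p %s %s\n' "$2" "$1"
}

# Usage:
#   mosh_firewall_rule 60001:60010        # run on the server, as root
#   mosh_client_cmd devbox 60001:60010    # run on the laptop
```

If the server sits behind NAT or a cloud security group, the same range has to be opened there too; a mosh client that hangs after the ssh login succeeds is almost always a blocked UDP port.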

Happy moshing!