AppNeta Rubygems Verified
Yesterday, Rubygems found a gem containing an exploit that executes arbitrary code, copies config files containing passwords and auto-posts them to pastie.org.
The community suspects that some gems on rubygems.org may have been rewritten with the exploit code, so everyone has been verifying gems.
AppNeta Verifies Rubygems
We’ve verified all of the AppNeta oboe gems (404 until Rubygems is back online) on rubygems.org from version 1.3.0 and up. All check out and match what we have on [gem/gem-beta].tracelytics.com (and what we have locally), so our customers should be unaffected. We’ll check them periodically this week.
In case you’re still uncomfortable with using rubygems.org, we also host all versions of the oboe gem at gem.tracelytics.com as an alternative.
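One way to run this kind of check, shown as an added example that is not AppNeta's own tooling: compare the SHA-256 digest of every downloaded .gem file against a trusted local copy. The digest choice, directory layout, function names and sample files are assumptions made for the illustration.

```ruby
require "digest"
require "fileutils"
require "tmpdir"

# Map each .gem file name in +dir+ to the SHA-256 of its full contents.
def gem_digests(dir)
  Dir.glob(File.join(dir, "*.gem")).sort.to_h do |path|
    [File.basename(path), Digest::SHA256.file(path).hexdigest]
  end
end

# Compare downloaded gems against trusted copies (for example, the
# publisher's own build artifacts). Returns { file name => status }.
def verify_gems(trusted_dir, downloaded_dir)
  trusted = gem_digests(trusted_dir)
  fetched = gem_digests(downloaded_dir)
  (trusted.keys | fetched.keys).sort.to_h do |name|
    status =
      if !fetched.key?(name)    then :missing     # absent from the download
      elsif !trusted.key?(name) then :unexpected  # no trusted copy exists
      elsif trusted[name] == fetched[name] then :ok
      else :mismatch                              # contents differ
      end
    [name, status]
  end
end

# Constructed sample data: stand-in files, not real gem archives.
def demo_report
  Dir.mktmpdir do |root|
    trusted = File.join(root, "trusted")
    fetched = File.join(root, "fetched")
    FileUtils.mkdir_p([trusted, fetched])
    File.binwrite(File.join(trusted, "oboe-1.3.0.gem"), "release bytes")
    File.binwrite(File.join(fetched, "oboe-1.3.0.gem"), "release bytes")
    File.binwrite(File.join(trusted, "sample-0.0.1.gem"), "original")
    File.binwrite(File.join(fetched, "sample-0.0.1.gem"), "original + extra")
    File.binwrite(File.join(trusted, "sample-0.0.2.gem"), "only local")
    File.binwrite(File.join(fetched, "sample-0.0.3.gem"), "only remote")
    verify_gems(trusted, fetched)
  end
end

if __FILE__ == $PROGRAM_NAME
  demo_report.each { |name, status| puts format("%-20s %s", name, status) }
end
```

Any status other than `:ok` means the downloaded file should not be installed until the difference is explained.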
Additional Rubygems Information
For additional information about this exploit, here are some links:
- Hacker News – Rubygems.org compromised
- Heroku Status – Current status and incident report
- Rubygems – Jan 30, 2013 Incident Status
- Twitter – @rubygems_status