New old Windows bug emerges, your ‘strong’ password is anything but, plus plenty more


Image composite: Microsoft and StudioLondon

Roundup Here is a brief look at some of the other security stories floating around right now.

Earlier this month, an alert went out to Ruby on Rails developers after it was discovered that a popular package had been hijacked and injected with malicious code.

Ruby gem strong_password tarnished

Tute Costa was going through the gems used for his Ruby application and checking for updates when he noticed that something was amiss with the strong_password package.

It was eventually concluded that the GitHub account managing the gem had been hijacked from its original owner and then had a bit of malicious code inserted. Costa alerted both the original owner and the Ruby on Rails security team.

Read more…