Justin McNally j-mcnally

j-mcnally / HeartAttack.md
Last active Aug 29, 2015
In The Wake of Heartbleed: Certificate Revocation & Re-issue / CRL List checking
View HeartAttack.md

Heartbleed

By now everyone has likely heard of Heartbleed. It is a dangerous exploit that reveals the contents of a server's memory to the web on any server running an unpatched or pre-1.0.1 version of OpenSSL. The fear for most is that the private key of a server's SSL certificate may have been compromised, since servers keep that information in RAM at some point.

Disclaimer: Facebook and other sites used in this article are used merely as familiar examples and are not known at this time to be vulnerable to anything.

Man In The Middle

When an attacker gets your SSL private key, it enables them to sign SSL traffic as your site. This means that if the attacker has facebook.com's private key, they can impersonate facebook.com: you think you are sending traffic to facebook.com, but through various ARP and DNS poisoning you are really sending data to them. Historically SSL has mitigated this type of attack because if you expect to send traffic to https://www.facebook.com the attacker won't have a valid cert and pri

View gist:11388951
require 'reward/starbucks'
require 'reward/united'
class Card
  def initialize(params)
    @type = params[:type]
    @username = params[:username]
    @password = params[:password]
  end
View sample.rb
require_dependency 'spree/address'
module AddressExtension
  def self.included(base)
    base.extend(ClassMethods)
    base.send(:include, InstanceMethods)
    base.class_eval do
      unloadable
      attr_accessible :residential
View gist:11384822
def self.activate
  Dir.glob(File.join(File.dirname(__FILE__), '../../app/reward_cards/*.rb')) do |c|
    Rails.configuration.cache_classes ? require(c) : load(c)
  end
end
View gist:85a33178e2fe46bf5da1
<form onsubmit="grabMarkdownHtml()">
  <textarea id='md_html' name="md_html"></textarea>
</form>
<script>
  var editor = new EpicEditor().load();
  grabMarkdownHtml = function() {
    document.getElementById('md_html').value = editor.getElement('previewer').body
  }
View gist:ff50e6503fac8822284d
2.0.0 (main):0 > d = DateTime.now
=> Tue, 29 Apr 2014 15:16:04 -0500
2.0.0 (main):0 > d.in_time_zone("Berlin")
=> Tue, 29 Apr 2014 22:16:04 CEST +02:00
View gist:3840f4438600a1f0eb96
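def find_by_hstore(hstore_hash, *args)
  # NOTE: keys and values are interpolated into the SQL fragment unescaped,
  # so only trusted input should ever reach this method.
  query = hstore_hash.collect{|k,v| "#{k} @> #{v}" }
  if args.length > 0
    find_by(*args).where(query)
  else
    where(query)
  end
end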
View Application.rb
config.assets.precompile += [
  'public/framed.css',
  'public/mobile.css', 'public/mobile.js', 'public/detectmobilebrowser.js',
  'public/desktop.js',
  'public/customer_styles/**/*.css*',
  Proc.new {|path| (path =~ /^[a-z0-9]\w+.(css|js)$/) && !path.include?('tinymce/') }
]
View gist:4cc15447c021a2f61764
def find(funky_hash, *args)
  if funky_hash == 'foo'
    # do something
  else
    super(*args)
  end
end