j-mcnally / HeartAttack.md
Last active August 29, 2015 13:59
In The Wake of Heartbleed: Certificate Revocation & Re-issue / CRL List checking

Heartbleed

By now everyone has likely heard of Heartbleed. It is a dangerous exploit that reveals the contents of a server's memory to the web on any server running an unpatched or pre-1.0.1 version of OpenSSL. The fear for most is that the private key of a server's SSL certificate may have been compromised, since servers keep that information in RAM at some point.

  • Disclaimer: Facebook and other sites used in this article are used merely as familiar examples and are not known at this time to be vulnerable to anything.

Man In The Middle

When an attacker gets your SSL private key, it enables them to sign SSL traffic as your site. This means that if the attacker has facebook.com's private key, they can impersonate facebook.com: you believe you are sending traffic to facebook.com, but through various ARP and DNS poisoning you are really sending data to them. Historically SSL has mitigated this type of attack, because if you expect to send traffic to https://www.facebook.com the attacker won't have a valid cert and pri

def self.activate
  Dir.glob(File.join(File.dirname(__FILE__), '../../app/reward_cards/*.rb')) do |c|
    Rails.configuration.cache_classes ? require(c) : load(c)
  end
end

require_dependency 'spree/address'
module AddressExtension
  def self.included(base)
    base.extend(ClassMethods)
    base.send(:include, InstanceMethods)
    base.class_eval do
      unloadable
      attr_accessible :residential

require 'reward/starbucks'
require 'reward/united'
class Card
  def initialize(params)
    @type = params[:type]
    @username = params[:username]
    @password = params[:password]
  end

<form onsubmit="grabMarkdownHtml()">
<textarea id='md_html' name="md_html"></textarea>
</form>
<script>
var editor = new EpicEditor().load();
grabMarkdownHtml = function() {
document.getElementById('md_html').value = editor.getElement('previewer').body
}

2.0.0 (main):0 > d = DateTime.now
=> Tue, 29 Apr 2014 15:16:04 -0500
2.0.0 (main):0 > d.in_time_zone("Berlin")
=> Tue, 29 Apr 2014 22:16:04 CEST +02:00

config.assets.precompile += [
  'public/framed.css',
  'public/mobile.css', 'public/mobile.js', 'public/detectmobilebrowser.js',
  'public/desktop.js',
  'public/customer_styles/**/*.css*',
  Proc.new {|path| (path =~ /^[a-z0-9]\w+.(css|js)$/) && !path.include?('tinymce/') }
]

def find(funky_hash, *args)
  if funky_hash == 'foo'
    # do something
  else
    super(*args)
  end
end

def find_by_hstore(hstore_hash, *args)
  query = hstore_hash.collect{|k,v| "#{k} @> #{v}" }
  if args.length > 0
    find_by(*args).where(query)
  else
    where(query)
  end
end