Guard your Rails Secret_tokens

From: Stephen Haywood 
------------------------------------------------------
I assume this goes without saying for this group but make sure your rails
secret

===============================================================
From: Jon Stanford
------------------------------------------------------
If you think that's bad go look for some public id_rsa keys on github... Scroll through a few pages you'll find keys and the known_hosts they unlock, with scary frequency.

https://github.com/search?p=1&q=id_rsa&ref=searchresults&type=Code

===============================================================
From: Dave Brockman
------------------------------------------------------

===============================================================
From: Stephen Haywood
------------------------------------------------------
Yep. I have a script that searches for ssh, oauth, and db creds. There are a lot of MySQL creds for live systems in PHP projects.

--
Stephen Haywood
Owner, ASG Consulting
CISSP, GSEC, OSCP
T: @averagesecguy
W: averagesecurityguy.info
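
A defensive counterpart to the thread, added here as an example (it is not the script mentioned above, nor anything posted to the list): a Ruby check to run over your own working tree before pushing, flagging literal Rails secret tokens, PEM private keys such as id_rsa, and hard-coded MySQL passwords in PHP. The rule patterns, the names `scan_tree` and `demo_findings`, and the sample files are assumptions made for illustration.

```ruby
require "find"
require "tmpdir"
require "fileutils"

# Illustrative rules (assumptions, not an exhaustive set).
RULES = {
  # Literal hex secret in secret_token.rb or secrets.yml; ENV lookups do not match.
  rails_secret: /secret_(?:token|key_base)\s*[:=]\s*['"]?\h{30,}/i,
  # PEM private key header, e.g. a committed id_rsa.
  private_key: /-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----/,
  # Literal password as the third argument of mysql_connect/mysqli_connect.
  php_mysql_password: /mysqli?_connect\s*\(\s*[^,]+,\s*[^,]+,\s*['"][^'"]+['"]/
}.freeze
SKIP_DIRS = %w[.git node_modules].freeze

# Returns [{file:, line:, rule:}] for every rule hit under root.
def scan_tree(root)
  hits = []
  Find.find(root) do |path|
    Find.prune if File.directory?(path) && path != root && SKIP_DIRS.include?(File.basename(path))
    next unless File.file?(path) && File.size(path) < 1_000_000
    File.foreach(path).with_index(1) do |line, no|
      text = line.scrub # tolerate binary or mis-encoded files
      RULES.each do |rule, re|
        hits << { file: path.delete_prefix("#{root}/"), line: no, rule: rule } if text.match?(re)
      end
    end
  end
  hits.sort_by { |h| [h[:file], h[:line]] }
end

# Constructed sample tree; every value below is a placeholder, not a real secret.
def demo_findings
  Dir.mktmpdir do |root|
    files = {
      "config/initializers/secret_token.rb" => "Demo::Application.config.secret_token = '#{'0123456789abcdef' * 8}'\n",
      "config/secrets.yml" => "production:\n  secret_key_base: <%= ENV[\"SECRET_KEY_BASE\"] %>\n",
      "deploy/id_rsa" => "-----BEGIN RSA PRIVATE KEY-----\n(placeholder body)\n",
      "web/db.php" => "<?php\n$c = mysql_connect('localhost', 'app', 'placeholder-pw');\n"
    }
    files.each do |rel, body|
      FileUtils.mkdir_p(File.join(root, File.dirname(rel)))
      File.write(File.join(root, rel), body)
    end
    scan_tree(root)
  end
end
demo_findings.each { |h| puts "#{h[:file]}:#{h[:line]} #{h[:rule]}" }
```

The `secrets.yml` entry reads its value from the environment, so it is not flagged; only the three files holding literals are reported.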