Account Security Updates

Alongside introducing new security features like Two-Factor Authentication (2FA) and integration with haveibeenpwned.com, we also take a quick look into the inner workings of Two-Factor Authentication.

Understanding the rails-jquery CSRF vulnerability (CVE-2015-1840)

Several new security disclosures were released recently. One of them was for rails-jquery, the javascript library that implements "remote" links and forms in Rails. In this post we'll dissect the problem and see how it was fixed.