Between this hack and the recent Rails vulnerabilities, it seems like a perfect storm. I wonder if either the hack attempted to tamper with the Rails gems to catch late updaters or to remove the ability to use RubyGems to update to the latest versions and keep vulnerable sites vulnerable.
It more looks like this was a natural extension of (part of) the Rails vulnerabilities. People saw that YAML on Ruby has a giant gaping security hole in it and was commonly used to decode user-supplied data.
I would not be surprised if we see even more of this as people feel out all of the other places that YAML is used as a user-facing data interchange format.
I think this hack was related to the recent Rails vulnerability. Heroku is blaming this on a "YAML parsing vulnerability" which I think was the problem same issue with rails. I'm not sure if they are using rails or not but its surprising that if it's the same issue they didn't do anything about it before this happened.
