Featured Articles

IHS teardown reveals Galaxy S5 BOM

IHS teardown reveals Galaxy S5 BOM

Research firm IHS got hold of Samsung’s new flagship smartphone and took it apart to the last bolt to figure out…

More...
Galaxy S5, HTC One M8 available selling well

Galaxy S5, HTC One M8 available selling well

Samsung’s Galaxy S5 has finally gone on sale and it can be yours for €699, which is quite a lot of…

More...
Intel lists Haswell refresh parts

Intel lists Haswell refresh parts

Intel has added a load of Haswell refresh parts to its official price list and there really aren’t any surprises to…

More...
Respawn confirms Titanfall DLC for May

Respawn confirms Titanfall DLC for May

During his appearance at PAX East panel and confirmed on Twitter, Titanfall developer Respawn confirmed that the first DLC pack for…

More...
KFA2 GTX 780 Ti Hall Of Fame reviewed

KFA2 GTX 780 Ti Hall Of Fame reviewed

KFA2 gained a lot of overclocking experience with the GTX 780 Hall of Fame (HOF), which we had a chance to…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Tuesday, 06 March 2012 11:28

GitHub hacked

Written by Nick Farrell



Security they have heard of it


GitHub, which is one of the largest repositories of commercial and open source software on the web, has been hacked.

Developer Egor Homakov found a huge hole in GitHub that allowed him to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. Apparently he found himself with the power to delete the entire history of projects such as jQuery, Node.js, Reddit, and Redis.

GitHub has even outgrown Sourceforge as the best place to pick up software. It is a web-based wrapper around Linus Torvalds’ Git revision control system. The difference is that it has social network features like feeds, friends, and trends. But GitHub has never been hacked even though many people must have known about the flaw. Github uses the Ruby on Rails application framework, and Rails can be taken down using a mass-assignment vulnerability.

Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. GitHub summarily suspended Homakov, fixed the hole, and, after “reviewing his activity,” he has been reinstated.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

To be able to post comments please log-in with Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments