Featured Articles

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC has announced that it will begin volume production of 16nm FinFET products in the second half of 2015, in late…

More...
AMD misses earnings targets, announces layoffs

AMD misses earnings targets, announces layoffs

AMD has missed earnings targets and is planning a substantial job cuts. The company reported quarterly earnings yesterday and the street is…

More...
Did Google botch the Nexus 6 and Nexus 9?

Did Google botch the Nexus 6 and Nexus 9?

As expected, Google has finally released the eagerly awaited Nexus 6 phablet and its first 64-bit device, the Nexus 9 tablet.

More...
Gainward GTX 970 Phantom previewed

Gainward GTX 970 Phantom previewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
EVGA GTX 970 SC ACX 2.0 reviewed

EVGA GTX 970 SC ACX 2.0 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Tuesday, 06 March 2012 11:28

GitHub hacked

Written by Nick Farrell



Security they have heard of it


GitHub, which is one of the largest repositories of commercial and open source software on the web, has been hacked.

Developer Egor Homakov found a huge hole in GitHub that allowed him to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. Apparently he found himself with the power to delete the entire history of projects such as jQuery, Node.js, Reddit, and Redis.

GitHub has even outgrown Sourceforge as the best place to pick up software. It is a web-based wrapper around Linus Torvalds’ Git revision control system. The difference is that it has social network features like feeds, friends, and trends. But GitHub has never been hacked even though many people must have known about the flaw. Github uses the Ruby on Rails application framework, and Rails can be taken down using a mass-assignment vulnerability.

Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. GitHub summarily suspended Homakov, fixed the hole, and, after “reviewing his activity,” he has been reinstated.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments