Featured Articles

Android Wear installed on 50-100k phones

Android Wear installed on 50-100k phones

Android Wear is a companion app that you need in order to run your new Android Wear watch.

More...
AMD launches 45W desktop Kaveri parts, finally

AMD launches 45W desktop Kaveri parts, finally

AMD has finally launched three 45W Kaveri SKUs, which were in the works for months. The three chips feature configurable TDP,…

More...
Desktop Broadwell LGA is Socket 1150

Desktop Broadwell LGA is Socket 1150

Broadwell was supposed to come in 2014 and it will ship in the last quarter of this year for detachable thin…

More...
Nvidia officially launches the 8-inch Shield Tablet

Nvidia officially launches the 8-inch Shield Tablet

As expected and reported earlier, Nvidia has now officially announced its newest Shield device, the new 8-inch Shield Tablet. While the…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Tuesday, 06 March 2012 11:28

GitHub hacked

Written by Nick Farrell



Security they have heard of it


GitHub, which is one of the largest repositories of commercial and open source software on the web, has been hacked.

Developer Egor Homakov found a huge hole in GitHub that allowed him to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. Apparently he found himself with the power to delete the entire history of projects such as jQuery, Node.js, Reddit, and Redis.

GitHub has even outgrown Sourceforge as the best place to pick up software. It is a web-based wrapper around Linus Torvalds’ Git revision control system. The difference is that it has social network features like feeds, friends, and trends. But GitHub has never been hacked even though many people must have known about the flaw. Github uses the Ruby on Rails application framework, and Rails can be taken down using a mass-assignment vulnerability.

Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. GitHub summarily suspended Homakov, fixed the hole, and, after “reviewing his activity,” he has been reinstated.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments