Featured Articles

Snapdragon 400 is Qualcomm’s SoC for watches, wearables

Snapdragon 400 is Qualcomm’s SoC for watches, wearables

We wanted to learn a bit more about Qualcomm's plans for wearables and it turns out that the company believes its…

More...
Qualcomm sampling 20nm Snapdragon 810

Qualcomm sampling 20nm Snapdragon 810

We had a chance to talk to Michelle Leyden-Li, Senior Director of Marketing, QCT at Qualcomm and get an update on…

More...
EVGA GTX 970 SC ACX 2.0 reviewed

EVGA GTX 970 SC ACX 2.0 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
Nvidia GTX 980 reviewed

Nvidia GTX 980 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
PowerColor TurboDuo R9 285 reviewed

PowerColor TurboDuo R9 285 reviewed

Today we will take a look at the PowerColor TurboDuo Radeon R9 285. The card is based on AMD’s new…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Tuesday, 06 March 2012 11:28

GitHub hacked

Written by Nick Farrell



Security they have heard of it


GitHub, which is one of the largest repositories of commercial and open source software on the web, has been hacked.

Developer Egor Homakov found a huge hole in GitHub that allowed him to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. Apparently he found himself with the power to delete the entire history of projects such as jQuery, Node.js, Reddit, and Redis.

GitHub has even outgrown Sourceforge as the best place to pick up software. It is a web-based wrapper around Linus Torvalds’ Git revision control system. The difference is that it has social network features like feeds, friends, and trends. But GitHub has never been hacked even though many people must have known about the flaw. Github uses the Ruby on Rails application framework, and Rails can be taken down using a mass-assignment vulnerability.

Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. GitHub summarily suspended Homakov, fixed the hole, and, after “reviewing his activity,” he has been reinstated.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments