Featured Articles

KitKat has more than a fifth of Android users

KitKat has more than a fifth of Android users

Android 4.4 is now running on more than a fifth of Android devices, according to Google’s latest figures.

More...
Nvidia introduces five new Quadro cards

Nvidia introduces five new Quadro cards

Nvidia has revamped its Quadro professional graphics line-up with a total of five new cards, two of which are based on…

More...
AMD Tonga XT graphics cards come later

AMD Tonga XT graphics cards come later

According to sources who wish to remain unnamed, we should see an AMD Tonga XT-based graphics card launched sometime in September.

More...
Nvidia Maxwell Geforce 800 comes in September

Nvidia Maxwell Geforce 800 comes in September

Nvidia was always cautious when talking about upcoming Maxwell parts, the first of which was launched back in March and based…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Tuesday, 06 March 2012 11:28

GitHub hacked

Written by Nick Farrell



Security they have heard of it


GitHub, which is one of the largest repositories of commercial and open source software on the web, has been hacked.

Developer Egor Homakov found a huge hole in GitHub that allowed him to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. Apparently he found himself with the power to delete the entire history of projects such as jQuery, Node.js, Reddit, and Redis.

GitHub has even outgrown Sourceforge as the best place to pick up software. It is a web-based wrapper around Linus Torvalds’ Git revision control system. The difference is that it has social network features like feeds, friends, and trends. But GitHub has never been hacked even though many people must have known about the flaw. Github uses the Ruby on Rails application framework, and Rails can be taken down using a mass-assignment vulnerability.

Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. GitHub summarily suspended Homakov, fixed the hole, and, after “reviewing his activity,” he has been reinstated.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments