Hacker Exploits a Vulnerability on GitHub

by Developer.com Staff

Millions of projects stored on the repository are at risk from similar attacks.

Developer Egor Homakov hacked into GitHub over the weekend, demonstrating that the repository  could be breached through a mass-assignment vulnerability in Rails. Although Homakov only posted an amusing commit, hackers with more nefarious plans in mind could have exploited the security hole to delete or alter the code or history of projects stored in GitHub. GitHub currently hosts more than 2.3 million repositories, including the source code for the Linux kernel, Ruby on Rails, jQuery, Node.js, Reddit, and many others.

In response to the hack, GitHub has apologized for making it difficult to report security bugs and has taken steps to make it easier for other white hats to report problems.

View article

This article was originally published on Monday Mar 5th 2012
Mobile Site | Full Site