GitHub Hacked
MrSeb writes "Over the weekend, developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. GitHub uses the Ruby on Rails application framework, and Rails has been weak to what's known as a mass-assignment vulnerability for years. Basically, Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. From here, he could effectively do anything, including deleting the entire project from the web; instead, he posted a fairly comical commit. GitHub summarily suspended Homakov, fixed the hole, and, after 'reviewing his activity,' he has been reinstated. Homakov could've gained administrative access to the master branch of any project on GitHub and deleted the history, committed junk, or closed or opened tracker tickets."
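The mass-assignment pattern the summary describes, as an added illustration: this is not GitHub's or Rails' code and not part of the original post. It is a framework-free Ruby model in which the class, its field names and the sample request are all hypothetical. It shows a record that copies every submitted field next to one that accepts only an allow-list.

```ruby
# Constructed model of mass assignment; class and field names are hypothetical.
class PublicKey
  FIELDS    = %i[title key owner_id].freeze
  PERMITTED = %i[title key].freeze # the only fields a client may set
  attr_accessor(*FIELDS)

  def initialize(owner_id)
    @owner_id = owner_id # set by the server from the authenticated session
  end

  # Vulnerable: every submitted field is copied onto the record,
  # including the one that decides who the key belongs to.
  def assign_unsafe(params)
    params.each do |name, value|
      public_send("#{name}=", value) if FIELDS.include?(name.to_sym)
    end
    self
  end

  # Hardened: only allow-listed fields are copied; anything else is
  # rejected so the attempt is visible instead of silently dropped.
  def assign_safe(params)
    rejected = params.keys.map(&:to_sym) - PERMITTED
    raise ArgumentError, "unpermitted fields: #{rejected.join(', ')}" unless rejected.empty?

    params.each { |name, value| public_send("#{name}=", value) }
    self
  end
end

# Constructed request body: the normal form fields plus one extra field.
def sample_params
  { "title" => "laptop", "key" => "ssh-rsa AAAA...constructed", "owner_id" => 1 }
end

def demo
  caller_id = 42 # the authenticated user submitting the form
  unsafe = PublicKey.new(caller_id).assign_unsafe(sample_params)
  safe_result = begin
    PublicKey.new(caller_id).assign_safe(sample_params)
  rescue ArgumentError => e
    e.message
  end
  { unsafe_owner: unsafe.owner_id, safe_result: safe_result }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

In the unsafe path the key ends up attached to owner 1 rather than to the caller (42); the hardened path refuses the request and names the offending field, which is also a useful signal to log.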
That's what you get (Score:5, Funny)
That's what you get when you allow Italians like this guy on America's internet. Don't say I didn't warn you.
The remedy is that we all need to be more proactive about patronizing Wisconsin cheese and California wine.
GitHub hacked (Score:0, Funny)
So, somebody hacked into a computer system to gain access to open source software. Brilliant.
I felt a great disturbance in the Force (Score:5, Funny)
...as if millions of voices suddenly cried out from coffee shops in terror and were suddenly pwned. I fear something terrible, and totally predictable, has happened.
Just wait a few years, Ruby on fails will strike back!
Re:The response of 99.9% of humanity: (Score:5, Funny)
This is Slashdot, the 99.9% doesn't come here
Slashdot, home of the 0.1%.
Re:That's what you get (Score:5, Funny)
Dude, it is far worse than you imagine. The guy is obviously Russian. The Russians are coming!
Re:Linux security or trust (Score:4, Funny)
Thankfully, no serious projects are hosted on GitHub.
No, that's what you get for using a dying language (Score:5, Funny)
Ruby on Rails - the perfect blend of poor performance (Ruby) and gaping holes (Rails).
irresponsible (Score:2, Funny)
Re:PHP (Score:5, Funny)
Re:Linux? Since when? (Score:2, Funny)
Couldn't resist [quickmeme.com]