Welcome Buddy!

Get Started
Hacking & CrackingTech News

Over Weekend, GitHub hacked with Ruby on Rails public key vulnerability

cnwintech github hacked with ruby on rails public key vulnerability

Github, the service that many professional programmers use to store their work and collaborate on coding, was hacked over the weekend. A young Russian developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others.

When Github saw what happened, they suspended Homakov’s account, which created a firestorm of protest. A blog post entitled, Github, You Have Let Us All Down. Github has succumbed to a public key vulnerability in Ruby on Rails allowing a user administrator access to the popular Rails Git. Homakov’s actions were relatively simple – he merely uploaded his public key to the repository so Git thought he was an approved administrator of that project. This would not only entitle Homakov to commit files but he could effectively wipe the entire project and its history clean.

“The root cause of the vulnerability was a failure to properly check incoming form parameters, a problem known as the mass-assignment vulnerability,” GitHub co-founder Tom Preston-Werner wrote in a blog post.

“Two days ago he responsibly disclosed a security vulnerability to us and we worked with him to fix it in a timely fashion. Today, he found and exploited the public key form update vulnerability without responsible disclosure,” Preston-Werner said, explaining that this had meant Homakov had broken GitHub’s terms and conditions.

Github is used by a number of high-profile projects including the Linux kernel. Homakev’s actions were to exploit a well-known weakness of Ruby on Rails and questions might be asked as to why Github’s administrators did not block such an attack sooner.

Moving forward, GitHub has apologized for obfuscating how white hat hackers should disclose security vulnerabilities and set up a new help page that clearly lists how to report issues.

1available ads room - 728x90

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Check Also
Close
Subscribe Now
Advertisement
Back to top button
Close

Adblock Detected!

If you enjoy our content, please support our site by disabling your ad blocker or whitelisting us. We use ads to keep our content happy and free.