Slashdot Mirror


GitHub Hacked

MrSeb writes "Over the weekend, developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. GitHub uses the Ruby on Rails application framework, and Rails has been susceptible to what's known as a mass-assignment vulnerability for years. Basically, Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. From here, he could effectively do anything, including deleting the entire project from the web; instead, he posted a fairly comical commit. GitHub summarily suspended Homakov, fixed the hole, and, after 'reviewing his activity,' reinstated him. Homakov could've gained administrative access to the master branch of any project on GitHub and deleted the history, committed junk, or closed or opened tracker tickets."
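The story summary describes a mass-assignment bug but not what one looks like in code. The following is an added example, not code from GitHub, Rails, or the original page: plain Ruby with no Rails dependency that models a public-key form handler the way a 2012-era Rails controller would have behaved, first with unrestricted mass assignment and then with a whitelist. The PublicKey model, its attribute names, the victim user id, and the request parameters are all assumptions made for the demonstration.

```ruby
# Added example, not code from GitHub, Rails, or the original page. Plain Ruby
# with no Rails dependency: the PublicKey model, its attribute names and the
# request parameters below are assumptions made for the demonstration.

# Stand-in for an ActiveRecord-style model. `assign_attributes` writes every
# key the caller passes, which is how Rails behaved by default at the time
# when a controller did something like PublicKey.new(params[:public_key]).
class PublicKey
  attr_reader :attributes

  def initialize
    @attributes = {}
  end

  # VULNERABLE: mass assignment with no whitelist. A request that includes a
  # user_id field can re-parent the record to any account.
  def assign_attributes(attrs)
    attrs.each { |name, value| @attributes[name.to_s] = value }
    self
  end

  # Trusted setter the server calls with the authenticated user's id; it is
  # never reachable through request parameters.
  def owner=(id)
    @attributes["user_id"] = id
  end

  def user_id
    @attributes["user_id"]
  end

  def key
    @attributes["key"]
  end
end

# HARDENED: same model, but only the fields the form is meant to expose may be
# set from a request (the attr_accessible / strong-parameters idea). user_id
# is not on the list, so a smuggled value is dropped rather than written.
class SafePublicKey < PublicKey
  PERMITTED = %w[title key].freeze

  def assign_attributes(attrs)
    attrs.each do |name, value|
      name = name.to_s
      @attributes[name] = value if PERMITTED.include?(name)
    end
    self
  end
end

# Constructed attacker request: the two fields the form shows plus an extra
# user_id pointing at the victim account (id 1 here, an assumed value).
ATTACK_PARAMS = {
  "title"   => "laptop",
  "key"     => "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAttackerKeyForDemoOnly",
  "user_id" => 1,
}.freeze

# Simulated controller action with the vulnerable model. session_user_id is
# the logged-in attacker; params is the decoded request body.
def create_key_vulnerable(session_user_id, params)
  record = PublicKey.new
  record.owner = session_user_id
  record.assign_attributes(params) # params["user_id"] silently overrides owner
  record
end

# Same action with the whitelisted model: the key is created for the
# attacker's own account regardless of what the request body claims.
def create_key_hardened(session_user_id, params)
  record = SafePublicKey.new
  record.owner = session_user_id
  record.assign_attributes(params)
  record
end

if __FILE__ == $PROGRAM_NAME
  attacker_id = 42
  puts "vulnerable: key owned by user #{create_key_vulnerable(attacker_id, ATTACK_PARAMS).user_id}"
  puts "hardened:   key owned by user #{create_key_hardened(attacker_id, ATTACK_PARAMS).user_id}"
end
```

The point of the hardened class is that the set of writable attributes is decided by the server, not by whichever fields happen to arrive in the request. In real Rails the same filtering is done with `attr_accessible` on the model (the mechanism available at the time of the story) or, from Rails 4 onward, with strong parameters (`params.require(:public_key).permit(:title, :key)`) in the controller; either way the foreign key that decides ownership must come from the session, not from the form.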

1 of 202 comments

  1. Yet another reason... by Anonymous Coward · Score: 0, Troll

    ...to never use Ruby on Rails or trust any developer who uses it. Such a horrid framework backed by the most elitist pricks I've ever seen. I'm glad they got hacked. The more negative press they get, the better. Kick those faux devs out onto the street.

    To those Mac fanboys out there who think they are "developers": grow up, use a real OS, and use a real goddamn language and framework.

    Also, GitHub sucks. This should be obvious by their choice of framework to run their site.