Establishing Digital Trust: Don't Sacrifice Security for Convenience
The official GitHub-hosted Ruby on Rails code repository and bug tracker was hacked on Sunday to demonstrate a serious security flaw.
"Last Thursday, a Russian user named Egor Homakov reported a Rails vulnerability that could be exploited to insert unauthorized data into a Rails application database through Web forms, much like in the case of SQL injection," writes PCWorld's Lucian Constantin.
"On Sunday, Homakov exploited the vulnerability on GitHub to create a rogue entry on the Ruby on Rails bug tracker that appeared to have been posted 1001 years into the future," Constantin writes. "He then gave himself commit rights to the official Rails code repository by replacing the public key of a real developer with his own into the GitHub database."
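The flaw described above is a mass-assignment problem: a model that copies every submitted form field into the database lets a request set fields the form never exposed, such as the owner of a public key. The following is an added illustration, not code from GitHub, Rails or Homakov; it uses a plain Ruby class with hypothetical attribute names in place of a real ActiveRecord model, and contrasts the unsafe copy-everything pattern with a whitelist of permitted attributes.

```ruby
# Simplified model of the mass-assignment defect (assumption: a plain Ruby
# class stands in for a Rails model; attribute names are hypothetical).
class PublicKey
  attr_reader :attributes

  # Only the fields the upload form is meant to set.
  PERMITTED = %w[title key].freeze

  def initialize
    @attributes = {}
  end

  # Vulnerable pattern: every key in the request params is written through,
  # so a crafted request can set fields the form never exposed (e.g. user_id).
  def self.from_params_unsafe(params)
    record = new
    params.each { |k, v| record.attributes[k.to_s] = v }
    record
  end

  # Hardened pattern: copy only whitelisted attributes; return the rejected
  # keys so the caller can log the attempt.
  def self.from_params_safe(params)
    record = new
    rejected = []
    params.each do |k, v|
      if PERMITTED.include?(k.to_s)
        record.attributes[k.to_s] = v
      else
        rejected << k.to_s
      end
    end
    [record, rejected]
  end
end

# Constructed request: the extra user_id field is not on the legitimate form.
TAMPERED_PARAMS = {
  "title" => "laptop", "key" => "ssh-rsa AAAA...", "user_id" => 42
}.freeze

unsafe = PublicKey.from_params_unsafe(TAMPERED_PARAMS)
safe, dropped = PublicKey.from_params_safe(TAMPERED_PARAMS)
puts "unsafe user_id: #{unsafe.attributes['user_id'].inspect}"           # 42
puts "safe user_id: #{safe.attributes['user_id'].inspect}, dropped: #{dropped}"
```

The safe variant keeps the owner field under the application's control; logging the rejected keys gives defenders a signal that someone is probing for unprotected attributes.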
Go to "User Hacks GitHub to Showcase Vulnerability After Rails Developers Dismiss His Report" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.