Egor Homakov hacks easily GitHub
03-05-2012, 03:04 PM (This post was last modified: 03-05-2012 03:12 PM by Prorootect.)
Post: #1
Prorootect Offline
Egor Homakov hacks easily GitHub topic for you .. Fun side of not having the Security.

* GitHub and Rails: You have let us all down. : on chrisacky.posterous.com : http://chrisacky.posterous.com/github-yo...s-all-down

QUOTE:
'Every GitHub repository was vulnerable to attack and absolutely nothing was safe.'

* How GitHub was hacked : homakov.blogspot.com : http://homakov.blogspot.com/2012/03/how-to.html#

QUOTE:
'How-To'
'after that procedure your victim got your public key. Enjoy your pushing '

* "Egor, stop hacking GH" : http://homakov.blogspot.com/2012/03/egor...ng-gh.html

QUOTE:
'I'm not done yet. Why I do this? Since guys in rails issues ignored me and my issue I got spare time to test it on the first website I had in mind. github.
That was pretty funny. Firstly, I could write post from 1234 year or 4321.
Then, I could make a post pretending I am DHH. That was funny too.

Then I could wipe any post in any project. That wasn't that funny but pretty dangerous. It got more curious.
Today I can pull/commit/push in any repository on github. Jack pot.

I will write big post regards this topic - examples(not only github is vulnerable this way - I found a lots of rails apps that are waiting for my hack! Yeah, it is only start). stay tuned.
P.S. GH sorry, I was bored.'

* GitHub and Rails: wow how come I commit in master? : https://github.com/rails/rails/commit/b8...a393e6dc57

QUOTE:
'Nice catch haha!'

* Did GitHub Suspend Egor Homakov account? : i'm disappoint, github : http://homakov.blogspot.com/2012/03/im-d...ithub.html

QUOTE:
'Yes I behaved like a jerk. But why you suspended my account? Oh yea, Terms.
But, let's get it real. It is not the way you were supposed to fix things.

I, dammit, LOVE YOU : http://homakov.blogspot.com/2011/07/octocat-tattoo.html


W.XPSP2, 12proc., 17serv.; IE8 sandboxed & tweaked
Don't Tread on Me on MalwareTips forums Join, or Die |---> Shroud of Turin
[Image: eoghD.gif]The Tree of Liberty Must Be Refreshed
03-05-2012, 03:21 PM
Post: #2
Prorootect Offline
How Homakov hacked GitHub and the line of code that could have prevented it : https://gist.github.com/1978249

QUOTE:
'@homakov’s exploit on GitHub was simple and straightforward. Calling it an attack makes it sound malicious whereas the truth was that GitHub bolted its front door but left the hinges on quick release. Homakov released the hinges, walked in and shouted to anyone who would listen that they had a problem.

He was right. The Rails defaults are vulnerable and there’s no better illustration of this than when one of the best Rails teams in the world is severely compromised.' ..
