Egor Homakov hacks easily GitHub

Discussion in 'Other Security Related Discussions' started by Prorootect, Mar 5, 2012.

  1. Prorootect

    Prorootect, Well-Known Member (Reputation: 1; Joined: Nov 5, 2011; Messages: 3,090; Likes Received: 1,835)
    Egor Homakov easily hacks GitHub: a topic for you. The fun side of not having security.

    * GitHub and Rails: You have let us all down. : on chrisacky.posterous.com : http://chrisacky.posterous.com/github-you-have-let-us-all-down

    QUOTE:
    'Every GitHub repository was vulnerable to attack and absolutely nothing was safe.'

    * How GitHub was hacked : homakov.blogspot.com : http://homakov.blogspot.com/2012/03/how-to.html#

    QUOTE:
    'How-To'
    'after that procedure your victim got your public key. Enjoy your pushing'

    * "Egor, stop hacking GH" : http://homakov.blogspot.com/2012/03/egor-stop-hacking-gh.html

    QUOTE:
    'I'm not done yet. Why do I do this? Since the guys in Rails issues ignored me and my issue, I got spare time to test it on the first website I had in mind: GitHub.
    That was pretty funny. Firstly, I could write a post from the year 1234 or 4321.
    Then, I could make a post pretending I am DHH. That was funny too.

    Then I could wipe any post in any project. That wasn't that funny but pretty dangerous. It got more curious.
    Today I can pull/commit/push in any repository on GitHub. Jackpot.

    I will write a big post regarding this topic, with examples (not only GitHub is vulnerable this way; I found a lot of Rails apps that are waiting for my hack! Yeah, it is only the start). Stay tuned.
    P.S. GH, sorry, I was bored.'

    * GitHub and Rails: wow how come I commit in master? : https://github.com/rails/rails/commit/b83965785db1eec019edf1fc272b1aa393e6dc57

    QUOTE:
    'Nice catch haha!'

    * Did GitHub suspend Egor Homakov's account? : i'm disappoint, github : http://homakov.blogspot.com/2012/03/im-disappoint-github.html

    QUOTE:
    'Yes, I behaved like a jerk. But why did you suspend my account? Oh yeah, Terms.
    But let's get real. It is not the way you were supposed to fix things.'

    I, dammit, LOVE YOU : http://homakov.blogspot.com/2011/07/octocat-tattoo.html

     
  2. Prorootect

    How Homakov hacked GitHub and the line of code that could have prevented it : https://gist.github.com/1978249

    QUOTE:
    '@homakov's exploit on GitHub was simple and straightforward. Calling it an attack makes it sound malicious, whereas the truth was that GitHub bolted its front door but left the hinges on quick release. Homakov released the hinges, walked in and shouted to anyone who would listen that they had a problem.

    He was right. The Rails defaults are vulnerable and there's no better illustration of this than when one of the best Rails teams in the world is severely compromised.' ..
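
The Rails default the gist is talking about is mass assignment: a model built straight from the request hash accepts every column the request names, not just the ones the HTML form shows. That is how a public-key form could be made to attach an attacker's SSH key to somebody else's account ("your victim got your public key" in the quote above), after which the attacker can push to that account's repositories. The block below is an added example, not code from the thread, from Homakov's posts, from the gist or from GitHub. It is plain Ruby that mimics Rails 3.2 mass-assignment behaviour without ActiveRecord, with a vulnerable model beside one protected by the `attr_accessible` whitelist, the kind of one-line fix the gist's title refers to. The `PublicKey` model, its attribute names, the user IDs and the request body are all constructed for illustration.

```ruby
# Added example, not code from the thread, Homakov's posts, the gist or GitHub.
# Plain-Ruby model of Rails 3.2 mass assignment (no ActiveRecord): by default
# every attribute of the model is settable from the request hash, so a form
# meant to add an SSH key can also set user_id. The model, attribute names,
# IDs and request body below are constructed for illustration.
require 'set'

class Model
  # Declare the "columns"; without attr_accessible all of them are mass-assignable.
  def self.attributes(*names)
    @attribute_names = names
    attr_accessor(*names)
  end

  def self.attribute_names
    @attribute_names
  end

  # Whitelist, modelled on Rails' attr_accessible.
  def self.attr_accessible(*names)
    @accessible = Set.new(names)
  end

  def self.accessible
    @accessible
  end

  attr_reader :rejected

  def initialize(params = {})
    @rejected = []
    assign_attributes(params)
  end

  # Rails 3.2 default behaviour: protected attributes are dropped (and logged),
  # not raised on, unless mass_assignment_sanitizer is set to :strict.
  def assign_attributes(params)
    allowed = self.class.accessible
    params.each do |name, value|
      name = name.to_sym
      next unless self.class.attribute_names.include?(name)
      if allowed && !allowed.include?(name)
        @rejected << name
        next
      end
      public_send("#{name}=", value)
    end
  end
end

# Vulnerable: no whitelist, so user_id comes from whoever sent the form.
class VulnerablePublicKey < Model
  attributes :user_id, :title, :key
end

# Hardened: only the two fields the form is supposed to fill in.
class SafePublicKey < Model
  attributes :user_id, :title, :key
  attr_accessible :title, :key
end

# Stand-in for a PublicKeysController#create action. current_user_id comes
# from the session; params is the parsed form body.
def create_public_key(model_class, current_user_id, params)
  key = model_class.new(params["public_key"])
  key.user_id ||= current_user_id # owner defaults to the logged-in user
  key
end

ATTACKER_ID = 1001
VICTIM_ID   = 42 # account whose repositories the attacker wants to push to

# Constructed request: the HTML form only has title and key, but the attacker
# appended public_key[user_id]=42; Rails' parameter parsing does not care.
ATTACKER_PARAMS = {
  "public_key" => {
    "title"   => "attacker laptop",
    "key"     => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ-FAKE-ATTACKER-KEY",
    "user_id" => VICTIM_ID,
  },
}.freeze

def demo
  vulnerable = create_public_key(VulnerablePublicKey, ATTACKER_ID, ATTACKER_PARAMS)
  safe       = create_public_key(SafePublicKey, ATTACKER_ID, ATTACKER_PARAMS)
  {
    vulnerable_owner: vulnerable.user_id, # => 42: key now sits on the victim's account
    safe_owner:       safe.user_id,       # => 1001: user_id was dropped, owner is the session user
    safe_rejected:    safe.rejected,      # => [:user_id]
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Two practitioner notes on the hardened form. The whitelist is necessary but the idiomatic Rails fix also builds the record through the association (`current_user.public_keys.build(...)`), so the owner is taken from the session unconditionally rather than from a default that only applies when the attacker forgot to set it. And Rails 4 moved this whitelist out of the model and into the controller as strong parameters (`params.require(:public_key).permit(:title, :key)`), which makes the allowed fields visible at the point where the request is handled.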
     

MalwareTips.com is an independent website.All trademarks mentioned on this page are the property of their respective owners.