Hacker Exploits a Vulnerability on GitHub
Developer Egor Homakov hacked into GitHub over the weekend, demonstrating that the repository could be breached through a mass-assignment vulnerability in Rails. Although Homakov only posted an amusing commit, hackers with more nefarious plans in mind could have exploited the security hole to delete or alter the code or history of projects stored in GitHub. GitHub currently hosts more than 2.3 million repositories, including the source code for the Linux kernel, Ruby on Rails, jQuery, Node.js, Reddit, and many others.
In response to the hack, GitHub has apologized for making it difficult to report security bugs and has taken steps to make it easier for other white hats to report problems.