GitHub, launched in 2008, is a hosting service for web application development. The name of the site is derived from its use of the Git revisioning system that controls the code versions of the many open source packages stored there. Last year, GitHub announced that the web site had over two million code repositories and over one million enrolled users.
Ruby on Rails is based on the Ruby programming language, first introduced in 1995. RoR first appeared in 2004 and became open source in 2005. In 2009, Apple shipped RoR with Mac OS X v10.5, otherwise known as Snow Leopard, to help web developers build OS X applications. The latest version of RoR is 3.1, released in August 2011. Currently, close to a quarter-million web sites run applications based on RoR.
The RoR 'mass assignment' flaw allowed Homakov to replace the cryptographic key of a key contributor to the site with one that gave Homakov that contributor's identity and rights, giving Homakov write access to the web site's code repository for Ruby on Rails. To make his presence as an illegal admin prominent, Homakov posted bug tracker entries in the GitHub bug tracker systems with dates in the year 3013.
Two days previous to his takeover, Homakov had posted warnings about the flaw on RoR forums, the responses being only a storm of comments and very little action, despite his explicit statements about the severe consequences for web sites that did not repair the vulnerability. After the takeover was negated, Homakov was temporarily suspended from the GitHub web site, but then soon after was reinstated, with equal numbers of open source developers condemning and praising him.
Important voices in the open source community have stated that, though they do recognize that it's unlikely to expect action based on simple warnings, they still worry that developers must use their sense of social and moral responsibility when attempting to publicize the seriousness of a discovered flaw. The compromise between warnings and actions must be a policy of responsible disclosure, they say.
Denial-of-service (DoS) attacks, also known as distributed denial-of-service (DDoS) attacks, are hitting more and more web sites and hitting them so often now that some have taken to treating the attacks as just...
Though some monumental cyber-attacks involving millions of dollars in losses for financial institutions have been in the news lately, experts in computer security are saying in a research study just issued that ...
The Internet has long been a source for material that can easily be considered illegal, such as graphic pornography or criminal activity. Anyone who provided storage space or access to such files could be ordere...
More and more of the functionality that runs today's world is making its way to the Internet cloud, a trend that means an ever-growing need among the American public for secure fast reliable access to the Intern...
The Senate of the United States Congress passed a bill on Monday that will allow each state throughout the U.S. to collect whatever sales tax they deem appropriate for online sales made to state residents, even ...
So far, Google Fiber is only being rolled out in two cities in the United States, the first in the Kansas City metropolitan region that spans the border between Kansas and Missouri and the second in Austin, Texa...
This week, the World Wide Web celebrated its 20th birthday. Strictly speaking, the Internet network created for information sharing among universities and other groups had been around since the 1960s and the ver...
The growth and sophistication of unified communications (UC) systems that connect via the Internet with full audio and video is ramping up to new levels. The popular Skype communication service, now owned by Mic...
It turns out that the hack attack on the social couponing site LivingSocial may become a lesson for those people who try to keep their online lives simple by using the same password for every sign-on. Yes, it is...
Three paths are converging on the business use of social networks on the Internet. First, employers are being barred by new state laws from asking for access to employee Twitter and Facebook accounts. Second, Wa...