Mike Koss mckoss

mckoss / a-test.js
Last active December 24, 2015 22:03 — forked from anonymous/a-test.js
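var assert = require('assert');
var a = require('./a');

// Mocha TDD-style suite (run with `mocha --ui tdd`).
suite("A", function() {
  test("a", function() {
    // The callback only asserts true, so the test does not fail
    // if the callback is never invoked.
    a.sub(function() {
      assert.ok(true);
    });
    a.trigger();
  });
});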
mckoss / securing_rails_updates.md
Created March 5, 2012 15:14 — forked from peternixey/securing_rails_updates.md
How Homakov hacked GitHub and how to protect your application

## How Homakov hacked GitHub and the line of code that could have prevented it

@homakov’s exploit on GitHub was simple and straightforward. Calling it an attack makes it sound malicious, whereas the truth was that GitHub bolted its front door but left the hinges on quick release. Homakov released the hinges, walked in and shouted to anyone who would listen that they had a problem.

He was right. The Rails defaults are vulnerable and there’s no better illustration of this than when one of the best Rails teams in the world is severely compromised.


TL;DR: How to protect your Rails application from the GitHub attack