A hacker named Eric Holmes discovered that Homebrew had published its GitHub API token in plaintext.
“This is essentially an access key that, when inserted into web requests made to Homebrew’s GitHub account, tells the server what access rights to grant to those requests,” said Paul Ducklin, Senior Security Advisor, Sophos.
REF: http://www.admin-magazine.com/News/One-Hacker-Could-Have-Taken-Control-of-Macs-Used-by-IT-Professionals