TigerJr Guru
Joined: 19 Jun 2007 Posts: 540
|
Posted: Tue Jul 03, 2018 9:36 am Post subject: |
|
|
Github already bought by micro$oft so all your code are belongs to micro$oft
They want money ))
I think that they want else .... burn all linux projects and bury serious rivals ))) _________________ Do not use gentoo, it die |
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Tue Jul 03, 2018 2:12 pm Post subject: |
|
|
joanandk wrote: | Tony0945 wrote: | EDIT We're seeing that famed Microsoft security. |
I do not think this has happened by accident, it was planned and executed by the new staff.
BR |
Reminds me of the Piriform CCleaner attack that occurred shortly after Avast took over CCleaner. Luckily, Malwarebytes caught that and I had the previous version still available. Have not updated ANY former Piriform products since then.
I have given thought to altering my update schedule, which used to keep my machines updated every week. Now I will only do selected updates if I have a bug or need a new feature.
I'm VERY glad that ebuilds are text files instead of binary installers like Windoze has. I'll be sure to diff my ebuilds before installing in the future.
Last edited by Tony0945 on Tue Jul 03, 2018 4:31 pm; edited 1 time in total |
|
|
|
Naib Watchman
Joined: 21 May 2004 Posts: 6051 Location: Removed by Neddy
|
Posted: Tue Jul 03, 2018 2:47 pm Post subject: |
|
|
Tony0945 wrote: | joanandk wrote: | Tony0945 wrote: | EDIT We're seeing that famed Microsoft security. |
I do not think this has happened by accident, it was planned and executed by the new staff.
BR |
Reminds me of the Piriform CCleaner attack that occurred shortly after Avast took over CCleaner. Luckily, Malwarebytes caught that and I had the previous version still available. Have not updated ANY former Piriform products since then.
I have given thought to altering my update schedule, which used to keep my machines updated every week. Now I will only do selected updates if I have a bug or need a new feature.
I'm VERY glad that ebuilds are text files instead of binary installers like Windoze has. I'll be sure to diff my ebuilds before installing in the future. | I forgot about that...either coincidental both occur just after such acquisitions or inside job to bring bad press. _________________
Quote: | Removed by Chiitoo |
|
|
|
|
Naib Watchman
Joined: 21 May 2004 Posts: 6051 Location: Removed by Neddy
|
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Thu Jul 05, 2018 6:20 pm Post subject: |
|
|
Thanks for the link, Naib.
Yeah, password guessing. At least it's a step above the Democratic National Committee big shot who responded to an obvious phishing e-mail that told him to verify his database password in reply to that e-mail! I don't think a ten-year-old child would fall for that.
Two-factor login as suggested by the link is a good idea. I hope for the devs' sake that they don't impose CAPTCHAs. The last thing a dev needs is to waste five minutes clicking endless pictures. |
|
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8933
|
Posted: Thu Jul 05, 2018 6:26 pm Post subject: |
|
|
GitHub won't impose captchas just because one account had their password guessed. |
|
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21498
|
Posted: Fri Jul 06, 2018 1:16 am Post subject: |
|
|
So far, I have not seen anything quantifying how many wrong variations of the password were tried before the attacker hit upon the right one. I have seen that the disclosed password from another site had some pattern that allowed the attacker to guess the Github password through its similarity to the disclosed password. If so, it's possible that the attacker required so few guesses on the variation that a CAPTCHA would not have been a notable barrier. Two-factor based on a TOTP is more secure than an anti-guessing CAPTCHA, is less annoying, and is already implemented. If Github takes any action (and I don't think it's fair to expect them to), it should be to more aggressively encourage users to enable two-factor authentication. |