Gentoo Forums
Gentoo github hacked
TigerJr
Guru


Joined: 19 Jun 2007
Posts: 444
Location: /dev/x0

Posted: Tue Jul 03, 2018 9:36 am

Github already bought by micro$oft so all your code are belongs to micro$oft

They want money ))


I think that they want else .... burn all linux projects and bury serious rivals )))
_________________

Do not update portage without hotdog!

Xenogentooway?
Tony0945
Advocate


Joined: 25 Jul 2006
Posts: 2546
Location: Illinois, USA

Posted: Tue Jul 03, 2018 2:12 pm

joanandk wrote:
Tony0945 wrote:
EDIT We're seeing that famed Microsoft security.


I do not think this has happened by accident, it was planned and executed by the new staff.

BR

Reminds me of the Piriform CCleaner attack that occurred shortly after Avast took over CCleaner. Luckily, Malwarebytes caught that and I had the previous version still available. Have not updated ANY former Piriform products since then.

I have given thought to altering my update schedule, which used to keep my machines updated every week. Now I will only do selected updates if I have a bug or need a new feature.

I'm VERY glad that ebuilds are text files instead of binary installers like Windoze has. I'll be sure to diff my ebuilds before installing in the future.


Last edited by Tony0945 on Tue Jul 03, 2018 4:31 pm; edited 1 time in total
Naib
Watchman


Joined: 21 May 2004
Posts: 5403
Location: Removed by Neddy

Posted: Tue Jul 03, 2018 2:47 pm

Tony0945 wrote:
joanandk wrote:
Tony0945 wrote:
EDIT We're seeing that famed Microsoft security.


I do not think this has happened by accident, it was planned and executed by the new staff.

BR

Reminds me of the Piriform CCleaner attack that occurred shortly after Avast took over CCleaner. Luckily, Malwarebytes caught that and I had the previous version still available. Have not updated ANY former Piriform products since then.

I have given thought to altering my update schedule, which used to keep my machines updated every week. Now I will only do selected updates if I have a bug or need a new feature.

I'm VERY glad that ebuilds are text files instead of binary installers like Windoze has. I'll be sure to diff my ebuilds before installing in the future.

I forgot about that...either coincidental both occur just after such acquisitions or inside job to bring bad press.
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Naib
Watchman


Joined: 21 May 2004
Posts: 5403
Location: Removed by Neddy

Posted: Thu Jul 05, 2018 12:18 pm

https://thehackernews.com/2018/07/github-hacking-gentoo-linux.html

Password guessing ....
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Tony0945
Advocate


Joined: 25 Jul 2006
Posts: 2546
Location: Illinois, USA

Posted: Thu Jul 05, 2018 6:20 pm

Thanks for the link, Naib.

Yeah, password guessing. At least it's a step above the Democratic National Committee big shot who responded to an obvious phishing e-mail that told him to verify his database password in reply to that e-mail! I don't think a ten-year-old child would fall for that.

Two-factor login as suggested by the link is a good idea. I hope for the devs' sake that they don't impose CAPTCHAs. The last thing a dev needs is to waste five minutes clicking endless pictures.
asturm
Developer


Joined: 05 Apr 2007
Posts: 6383
Location: Austria

Posted: Thu Jul 05, 2018 6:26 pm

GitHub won't impose captchas just because one account had their password guessed.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Hu
Moderator


Joined: 06 Mar 2007
Posts: 12619

Posted: Fri Jul 06, 2018 1:16 am

So far, I have not seen anything quantifying how many wrong variations of the password were tried before the attacker hit upon the right one. I have seen that the disclosed password from another site had some pattern that allowed the attacker to guess the Github password through its similarity to the disclosed password. If so, it's possible that the attacker required so few guesses on the variation that a CAPTCHA would not have been a notable barrier. Two-factor based on a TOTP is more secure than an anti-guessing CAPTCHA, is less annoying, and is already implemented. If Github takes any action (and I don't think it's fair to expect them to), it should be to more aggressively encourage users to enable two-factor authentication.
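A defender-side check for the pattern described in the post above, where a password is a small variation of one already disclosed on another site (added example, not written by any poster in this thread and not GitHub's code). The sample passwords, the normalisation rules and the 0.34 threshold are constructed assumptions; the check is meant to run at password-change time, when the candidate is available in plaintext.

```python
import re

# Constructed sample: a password for this user found in another site's breach.
DISCLOSED = ["Tulip4ever!2016"]

# Assumed normalisation: undo common character substitutions.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})

def base_form(password):
    """Reduce a password to the stem people tend to reuse across sites."""
    p = password.lower()
    p = re.sub(r"[\d\W_]+$", "", p)   # trailing years, counters, "!" and so on
    p = re.sub(r"^[\d\W_]+", "", p)   # the same decorations at the front
    # If nothing but decoration was present, compare the lowercased original.
    return p.translate(_LEET) or password.lower()

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def too_similar(candidate, disclosed, max_ratio=0.34):
    """True if candidate is a small variation of any disclosed password."""
    c = base_form(candidate)
    for old in disclosed:
        o = base_form(old)
        if c == o:
            return True
        if edit_distance(c, o) / max(len(c), len(o)) <= max_ratio:
            return True
    return False

if __name__ == "__main__":
    for pw in ["tulip4ever2018#", "Tul1p4ever_gh", "correct-horse-battery-staple"]:
        print(pw, "-> reject" if too_similar(pw, DISCLOSED) else "-> accept")
```

Rejecting such candidates removes the shortcut of guessing from a leaked password, but it does not replace the TOTP second factor the post recommends.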