Azazello, Posted May 10, 2019 (edited May 19, 2019 by Azazello)

FYI from the SANS NewsBites Vol. 21 Num. 036 (tech security newsletter):

"Git Ransomware. Hackers have been infecting code repositories with ransomware, wiping code and commits and replacing them with a text file ransom demand for Bitcoin. The hackers have targeted users on GitHub, GitLab, and Bitbucket. It is not clear how the attackers gained access to the accounts. Read more in:
- www.theregister.co.uk: Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code
- www.bleepingcomputer.com: Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes
- www.vice.com: Someone Is Hacking GitHub Repositories and Holding Code Ransom"
Jarno Mikkola, Posted May 10, 2019

And this is why you should have a text backup of all the produced content that you make... not that I own that, as I also don't have one for the MMFAQs I made... but next time, we won't know any better, either. Such a life.
lynx, Posted May 11, 2019

Git is a versioning system, so they can't really hurt many authors — you have a local backup automatically. Breaches like this may look intimidating, but they're easy to undo.
AL|EN, Posted May 11, 2019

Well, if you store your password in plain text (GitLab response), or it gets compromised (GitHub response), it's no surprise that somebody could do whatever he wants to your repos.
Azazello (Author), Posted May 13, 2019

I agree with all: Some people either get too complacent or too lazy to mirror their code bases on :gasp: their own storage, especially the non-commercial repo user. But we can't ignore the fact that the security of these hosting sites - GitHub in particular - is presumed by their users to be as good as or better than a person's hard drive. I mean, it's not like many developers have lost literally years' worth of work from a HD crash, ahaha-- Oh wait...

On 5/11/2019 at 4:39 AM, lynx said: "Git is a versioning system, so they can't really hurt many authors — you have a local backup automatically. Breaches like this may look intimidating, but they're easy to undo."

Git certainly is, but GitHub and those other services are code hosting sites - says so right on the package. GitHub makes its bread and butter from providing hosting services to money-paying, commercial|corporate users -- all before Microsoft invested in, bought them. This kind of breach better not have happened with those users... Most non-paying users who haven't saved locally are safe in that their hosted code base has probably been forked anyway, already, so somebody in the world can provide a copy of that. I wonder how much GitHub charges if you asked them to provide a restore from their backups, hmm...
lynx, Posted May 13, 2019

You're missing the point of git — all history is preserved, so even force pushes can be undone. Of course, if you rely on just the browser to interact with your repos, then you're already using a very limited subset of the power and safety git offers.
Azazello (Author), Posted May 13, 2019 (edited May 13, 2019 by Azazello)

I'm not missing the point - and you just made mine -- casual users of the service aren't using those features.
Mike1072, Posted May 13, 2019

Everything on GitHub revolves around using git. Where are you getting your stats on these casual users?
Grammarsalad, Posted May 15, 2019

https://github.blog/2019-05-14-git-ransom-campaign-incident-report/
Azazello (Author), Posted May 18, 2019

Who changed the title of this thread? And why?
CamDawg, Posted May 18, 2019

Looks like Mike merged threads, and it took the title from Grammarsalad's thread.
Azazello (Author), Posted May 19, 2019

So...? OK, I changed it back.