53 points by justsomehuman about 6 hours ago | 21 comments | View on ycombinator
jerf about 5 hours ago |
j1elo about 6 hours ago |
* GitHub's backwards priorities end up causing a hack on their systems.
* Hackers use their newly gained powers to compromise other people's repos.
* GitHub dectects compromised repo, and suspends the account of its maintainer, so they cannot warn nor act against it to protect or at least warn their community of users.
"I cause a fire, and later ban you for getting burned."
No wonder people are leaving.
christeamrs about 2 hours ago |
Our tool already discovers infected repositories and mitigates/removes the implants from the filesystem.
Please revoke/rotate all your tokens and passwords that were used in the infected repositories, the worm is pretty sophisticated.
Carbonhell about 4 hours ago |
tom1337 about 4 hours ago |
undefined about 6 hours ago |
dividendflow about 6 hours ago |
Greater HN collective, please help me metaphorically double-click on this. I've poked around a bit but didn't find out much more than the given link. What are we concerned about the hack possibly having accomplished?
Because stealing repos is bad enough... but are we saying it's possible that commits can now magically appear in repos from hackers? I don't want to raise any alarms if I'm misreading this or if we're early in the news cycle, but if that's possible, I and a lot of other people reading this need to have some immediate conversations with a lot of people. So... is that what this is saying? Or am I misreading it? I sure hope so.