The NSA — the United States intelligence agency which is known for its secrecy and working in the dark — has finally joined GitHub and launched an official GitHub page.
The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes, gather intelligence on everyone, and develop hacking tools like EternalBlue that was leaked by the Shadow Brokers in April and abused by the WannaCry ransomware last month to wreak havoc worldwide. The intelligence agency mostly works in secret, but after Edward Snowden leaks in 2013, the NSA has started opening itself to the world.Read more
A new tech recruitment project scraped user data from GitHub and other similar websites and inadvertently leaked it online through a misconfigured MongoDB database. Australian security expert was recently provided a 600 Mb MongoDB backup file containing data from a tech recruitment website called GeekedIn.
A closer analysis revealed that the file contained information on more than 8 million GitHub profiles, including names, email addresses and other data. However, just over one million of the exposed email addresses are valid. The MongoDB database also included thousands of accounts apparently taken from BitBucket.Read more
A chap who found two serious security bugs in Git servers and clients has urged people to patch their software. The flaws are present in Git, meaning the vulnerabilities have been lurking in the open-source version control tool for years.
It is possible these two programming blunders can be potentially exploited to corrupt memory or execute malicious code on remote servers and clients. To do so, an attacker would have to craft a Git repository with a tree of files that have extremely long filenames, and then push the repo to a vulnerable server or let a vulnerable client clone it from the internet.Read more
A popular coding website of the USA is enduring an onslaught of Internet traffic meant for China’s most popular search engine, and security experts say the episode likely represents an attempt by China to shut down anticensorship tools.
The attack on a service world-wide software development used by programmers and major tech firms appears to underscore how China’s Internet censors increasingly reach outside the country to clamp down on content they find objectionable. Security experts said the traffic onslaught directed huge amounts of traffic from overseas users of Chinese search giant Baidu Inc. to GitHub.Read more