GitHub has said a bug exposed some user passwords -- in plaintext. The code repository site, with more than 27 million users as of last year, sent an email to affected users Tuesday.
"During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users' passwords to our internal logging system," said the email, received by some users. The email said that a handful of GitHub staff could have seen those passwords -- and that it's "unlikely" that any GitHub staff accessed the site's internal logs. "We have corrected this, but you'll need to reset your password to regain access to your account," the email added.
GitHub announced the discovery of more than 4 million vulnerabilities in more than 500,000 repositories.
The NSA — the United States intelligence agency which is known for its secrecy and working in the dark — has finally joined GitHub and launched an official GitHub page.
The NSA employs genius-level coders and the brightest mathematicians, who continually work to break codes, gather intelligence on everyone, and develop hacking tools like EternalBlue, which was leaked by the Shadow Brokers in April and abused by the WannaCry ransomware last month to wreak havoc worldwide. The intelligence agency mostly works in secret, but after the Edward Snowden leaks in 2013, the NSA has started opening itself to the world.
Open-source developers who use GitHub are in the cross-hairs of advanced malware that can steal passwords, download sensitive files, take screenshots, and self-destruct when necessary.
Dimnie, as the reconnaissance and espionage trojan is known, has largely flown under the radar for the past three years. It mostly targeted Russians until early this year, when a new campaign took aim at multiple owners of GitHub repositories. One commenter in this thread reported the initial infection e-mail was sent to an address that was used solely for GitHub, and researchers said they have no evidence it targeted anyone other than GitHub developers.
A new tech recruitment project scraped user data from GitHub and other similar websites and inadvertently leaked it online through a misconfigured MongoDB database. An Australian security expert was recently provided with a 600 Mb MongoDB backup file containing data from a tech recruitment website called GeekedIn.
A closer analysis revealed that the file contained information on more than 8 million GitHub profiles, including names, email addresses and other data. However, just over one million of the exposed email addresses are valid. The MongoDB database also included thousands of accounts apparently taken from BitBucket.
A chap who found two serious security bugs in Git servers and clients has urged people to patch their software. The flaws are present in Git, meaning the vulnerabilities have been lurking in the open-source version control tool for years.
These two programming blunders can potentially be exploited to corrupt memory or execute malicious code on remote servers and clients. To do so, an attacker would have to craft a Git repository with a tree of files that have extremely long filenames, and then push the repo to a vulnerable server or let a vulnerable client clone it from the internet.
A popular US coding website is enduring an onslaught of Internet traffic meant for China's most popular search engine, and security experts say the episode likely represents an attempt by China to shut down anticensorship tools.
The attack on a worldwide software development service used by programmers and major tech firms appears to underscore how China's Internet censors increasingly reach outside the country to clamp down on content they find objectionable. Security experts said the traffic onslaught directed huge amounts of traffic from overseas users of Chinese search giant Baidu Inc. to GitHub.