Federati Nu: Federated N-series GNU Social
Conversation

Notices

  1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Thursday, 28-Jun-2018 23:49:17 UTC
    GitHub Gentoo Organization Hacked Slashdot
    https://it.slashdot.org/story/18/06/28/2240254/github-gentoo-organization-hacked

    >Longtime Slashdot reader Chutzpah shares a report from Gentoo Linux, a Linux distribution built using the Portage package management system:
    >June 28 at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised.
    >
    >This does NOT affect any code hosted on the Gentoo infrastructure. Since the master Gentoo ebuild repository is hosted on our own infrastructure and since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org.
    >Details are sparse, but we will update this story once we learn more.

    https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
    • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Friday, 29-Jun-2018 00:52:32 UTC
      in reply to
      @geniusmusing The question to ask after #Gentoo regains control of its #Github organization (or moves entirely off that site) is whether this was a weakness in Github or in the procedures that Gentoo's developers follow. (I've heard of other projects which did not have control of their GH organizations, but they may have been some sort of split among each project's developers.)
    • GeniusMusing (geniusmusing@nu.federati.net)'s status on Friday, 29-Jun-2018 01:14:43 UTC
      in reply to
      • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
      I just wonder if this is the first of many GH FOSS attacks or just a random hack.

      Maybe related, it would depend on how long they were in:
      Git security vulnerability could lead to an attack of the repo clones • The Register
      https://nu.federati.net/url/147170

      >A new version of Git has been emitted to ward off attempts to exploit a potential arbitrary code execution vulnerability – which can be triggered by merely cloning a malicious repository.

Federati Nu: Federated N-series GNU Social is a social network, courtesy of Federati Networks. It runs on GNU social, version 2.0.0-dev, available under the GNU Affero General Public License.

All Federati Nu: Federated N-series GNU Social content and data are available under the Creative Commons Attribution 3.0 license.