GitHub is under automated attack by millions of cloned repositories filled with malicious code.
Thanks to a combination of sophisticated methodology and social engineering, this particular attack seems to be very difficult to stop.
It's worth the read, but the conclusion at the end is important.
Who cares?
Well, everyone who uses a computer should, particularly if we consider what might have happened if Microsoft hadn’t abused their market power. When a monopolist abuses their power, customers all lose, because they don’t get to enjoy the more rapid improvements that robust competition provides. It’s one of the key reasons we think competition is a good thing.
[...] But lastly, and this is the big one for me, we might not have a monoculture of operating system on the Internet with such a poor security model.
[...] Imagine a world where Symantec didn’t exist, because viruses weren’t so easy to write and spread to all the world’s computers. Imagine a world where spam didn’t constitute 90% of all email because it wasn’t so easy to take over a PC and turn it into a botnet zombie. Imagine not having to do impromptu tech-support for family members who accidentally installed a bunch of spyware.
[...] Imagine all the time and money that has been, and continues to be, spent on fixing all of the issues that a better security model 10-15 years ago might have avoided.
In Summary
Microsoft have made (or bought) some excellent products, as they continue to do. There are many wise, capable, and perfectly reasonable people who work there, what with it being a big company and all. This is not a company that is an unrestrained force for evil in the world.
However.
Microsoft have a history of abusing market dominance in order to exclude competitors. Many of the top management running the company at the time are still there, running the company today.
Perhaps there will be no repeat performances, but there are very good reasons for greeting rhetoric from Microsoft regarding their openness with some scepticism.
Inflammatory headline aside, let me be clear that I don’t hate Microsoft. But I can understand why there are those who do.
The smart kind of lowlife. Because it’s a very large and generally trusted source, meaning it’s an excellent vector for attacks. Sometimes the simplest reason is the most likely.
Unless you only use software and libraries hosted on gitlab, which you don't, then that's immaterial to this problem. GitHub is a target because of its size; Gitlab and friends are seemingly just as vulnerable to this sort of attack, which ONLY works because of human nature. Which, last I checked, is the same regardless of platform...