Log In
Register Now!
Help
https://www.zdnet.co...g-for-a-ransom/
http://www.elvastower.com/forums/public/style_emoticons/default/buffalobill.png <<<<< creeeps
Page 1 of 1
Git Repositories Ransomed
is thie affecting OR??
Rate Topic:
#1
- Executive Vice President
-
- Group: ET Admin
- Posts: 3,441
- Joined: 14-March 13
- Gender:Male
- Location:known universe
- Simulator:Open Rails
-
Country:
Posted 08 June 2019 - 01:37 PM
#2
- Open Rails Developer
-
- Group: Status: Elite Member
- Posts: 3,179
- Joined: 25-July 08
- Gender:Male
- Location:Manasquan, NJ
- Simulator:Open Rails, MSTS editors
-
Country:
Posted 09 June 2019 - 04:24 AM
Do we have a backup and DR strategy for the source code???
#3
- Member, Board of Directors
-
- Group: Status: Elite Member
- Posts: 7,000
- Joined: 31-December 11
- Gender:Male
-
Country:
Posted 09 June 2019 - 07:19 AM
Well, if the menace is that they make the code public we have nothing to be afraid of, as our code IS public. And many of us have local clones of the OR Git master.
#4
- Open Rails Developer
-
- Group: Status: Elite Member
- Posts: 3,179
- Joined: 25-July 08
- Gender:Male
- Location:Manasquan, NJ
- Simulator:Open Rails, MSTS editors
-
Country:
Posted 09 June 2019 - 04:22 PM
Its not the exposure of source code, but rather encryption of the source with 256 bit cypher. Only willing to decrypt for bit coin payment.
#5
- Superintendant
-
- Group: Status: Elite Member
- Posts: 1,085
- Joined: 18-January 13
- Gender:Not Telling
- Location:Pacific Time
- Simulator:Mostly ORTS these days
-
Country:
Posted 10 June 2019 - 10:09 AM
One wonders why somebody would put proprietary source code, unencrypted, in Github to start with? :sign_oops:
#6
- Vice President
-
- Group: ET Admin
- Posts: 2,867
- Joined: 03-May 11
- Gender:Male
- Location:Peterborough, UK
- Simulator:Open Rails
-
Country:
Posted 11 June 2019 - 09:35 AM
Mike B, on 10 June 2019 - 10:09 AM, said:
One wonders why somebody would put proprietary source code, unencrypted, in Github to start with?
One of my Computing students put his final year project on GitHub and the key to his Amazon Cloud account was embedded in the source.
It was found by a third party who then went on to run up a bill for several thousand pounds by consuming time on my student's Cloud account (possibly mining bit-coin).
It was not a happy experience and I'm sharing it here as a warning.
#7
- Fireman
-
- Group: Status: Active Member
- Posts: 217
- Joined: 07-December 11
- Gender:Male
- Location:New England
- Simulator:Open Rails / Sometimes MSTS
-
Country:
Posted 13 June 2019 - 05:56 AM
If the repository is fully cloned and backed up, then an encryption/ransom attack is nothing but a lost time nuisance for however long it takes to restore from backup. This is fundamentally why full backups are so important in the era of crypto attacks.
GitHub is for public open-source projects by design. Nothing you don't want publicly shared should ever be put there; it can and will be used by someone else -- because that's GitHub's purpose. Microsoft is moving to Git repositories for all their source control, but only the public open-sourced projects go to GitHub -- the proprietary stuff stays in their own in-house Git repository. GitHub is very useful when you want the world-wide access. But it's not the only way to implement Git. I'm not sure if some young, new aspiring programmers fully understand that...
GitHub is for public open-source projects by design. Nothing you don't want publicly shared should ever be put there; it can and will be used by someone else -- because that's GitHub's purpose. Microsoft is moving to Git repositories for all their source control, but only the public open-sourced projects go to GitHub -- the proprietary stuff stays in their own in-house Git repository. GitHub is very useful when you want the world-wide access. But it's not the only way to implement Git. I'm not sure if some young, new aspiring programmers fully understand that...
Page 1 of 1