https://www.zdnet.co...g-for-a-ransom/
http://www.elvastower.com/forums/public/style_emoticons/default/buffalobill.png <<<<< creeeps
Page 1 of 1
Git Repositories Ransomed is thie affecting OR??
#2
Posted 09 June 2019 - 04:24 AM
Do we have a backup and DR strategy for the source code???
#3
Posted 09 June 2019 - 07:19 AM
Well, if the menace is that they make the code public we have nothing to be afraid of, as our code IS public. And many of us have local clones of the OR Git master.
#4
Posted 09 June 2019 - 04:22 PM
Its not the exposure of source code, but rather encryption of the source with 256 bit cypher. Only willing to decrypt for bit coin payment.
#5
Posted 10 June 2019 - 10:09 AM
One wonders why somebody would put proprietary source code, unencrypted, in Github to start with? :sign_oops:
#6
Posted 11 June 2019 - 09:35 AM
Mike B, on 10 June 2019 - 10:09 AM, said:
One wonders why somebody would put proprietary source code, unencrypted, in Github to start with?
One of my Computing students put his final year project on GitHub and the key to his Amazon Cloud account was embedded in the source.
It was found by a third party who then went on to run up a bill for several thousand pounds by consuming time on my student's Cloud account (possibly mining bit-coin).
It was not a happy experience and I'm sharing it here as a warning.
#7
Posted 13 June 2019 - 05:56 AM
If the repository is fully cloned and backed up, then an encryption/ransom attack is nothing but a lost time nuisance for however long it takes to restore from backup. This is fundamentally why full backups are so important in the era of crypto attacks.
GitHub is for public open-source projects by design. Nothing you don't want publicly shared should ever be put there; it can and will be used by someone else -- because that's GitHub's purpose. Microsoft is moving to Git repositories for all their source control, but only the public open-sourced projects go to GitHub -- the proprietary stuff stays in their own in-house Git repository. GitHub is very useful when you want the world-wide access. But it's not the only way to implement Git. I'm not sure if some young, new aspiring programmers fully understand that...
GitHub is for public open-source projects by design. Nothing you don't want publicly shared should ever be put there; it can and will be used by someone else -- because that's GitHub's purpose. Microsoft is moving to Git repositories for all their source control, but only the public open-sourced projects go to GitHub -- the proprietary stuff stays in their own in-house Git repository. GitHub is very useful when you want the world-wide access. But it's not the only way to implement Git. I'm not sure if some young, new aspiring programmers fully understand that...
Page 1 of 1