Weak SSH keys opened many GitHub repositories to compromise

Discussion in 'privacy technology' started by ronjor, Jun 3, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    http://www.net-security.org/secworld.php?id=18459
     
  2. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    D**n, not a good week for open source software between this and the SourceForge/GIMP debacle. At least these are problems with infrastructure, not concept.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It's not just GIMP :( The Nmap developer was complaining yesterday. And many other projects are apparently being served with sides of malware :(
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Man, this is unfortunate. I wish software and code providers would be required to, and would consistently, use PGP/GPG to sign the stuff they put up for grabs! As a code user who is trying really hard to remain secure, I always feel confident when I "down" a file/code authenticated by a 4K PGP key which I have verified. At that point a bad actor or MITM idiot becomes moot.
     