Web lists-archives.com

Git ransom campaign incident report - May 2019




Spotted this on the internet...

https://github.blog/2019-05-14-git-ransom-campaign-incident-report/

Haven't hacked on git for a while, and I am not affiliated with any of
the stakeholders. However, reading it, I wanted to slam my head on the
desk.

IIRC, git will sanely store a password elsewhere if it gets to prompt
for it. Should we be trying to unpack usernames/passwords from HTTP
urls, and DTRT with them?

Are there other ways this could be made better?

cheers,


martin
-- 
 martin.langhoff@xxxxxxxxx
 - ask interesting questions  ~  http://linkedin.com/in/martinlanghoff
 - don't be distracted        ~  http://github.com/martin-langhoff
   by shiny stuff