GitHub is under automated attack by millions of cloned repositories filled with malicious code
www.pcgamer.com
Thanks to a combination of sophisticated methodology and social engineering, this particular attack seems to be very difficult to stop.

GitHub is under automated attack by millions of cloned repositories filled with malicious code.::Thanks to a combination of sophisticated methodology and social engineering, this particular attack seems to be very difficult to stop.

  • hatedbad@lemmy.sdf.orgEnglish
    11·
    8 months ago

    a decentralized community that correctly prioritizes security would absolutely be using signed commits and other web-of-trust security practices to prevent this sort of problem

    • conciselyverbose@sh.itjust.worksEnglish
      3·
      8 months ago

      New accounts exist and have good reason to exist. You can’t and shouldn’t ban new accounts from creating projects.

      Anyone capable of understanding what “web of trust” means is already way too sophisticated to be misled by these fake projects.