GitHub is under automated attack by millions of cloned repositories filled with malicious code.::Thanks to a combination of sophisticated methodology and social engineering, this particular attack seems to be very difficult to stop.
GitHub is under automated attack by millions of cloned repositories filled with malicious code.::Thanks to a combination of sophisticated methodology and social engineering, this particular attack seems to be very difficult to stop.
No, it’s not. Not in literally any way. Not 1%. Not 0.000000000000000001%. You don’t even get security by obscurity as a nebulous benefit because the core mechanisms are basically the same between instances.
No projects are being compromised. They’re being imitated and passed off as the real thing to the naive. You can just as easily do that on another server (including established ones by adding multiple domains to your scripts) when people expect to use thousands of different git hosts as you can on GitHub, except without the benefit of the scale of Microsoft’s expertise at handling this type of attack.
I’m all for federated git being the way forward. I’d love to see it grow into a reasonable option. But it has no benefit in any context against an attack like this.