Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A bit far-fetched perhaps, but could it be that this attack on Github's front-end was a mere feint for a separate attack on their back-end?

If there's a repo hosted there that someone in China wanted to modify, perhaps they would use DOS as cover for a surreptitious maneuver which might otherwise get noticed.

This is likely just showing my ignorance of Git, but could an attacker having sufficient compute resources to arrange a Git hash collision and having back-end access to Github, modify sources without it being noticed by the repo owner?



This is actually a very good and interesting question. It would be good if Github started to at least show signed commits and on a per repo level block non-signed commits.

And Git should migrate to something better than SHA1.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: