Hey infosec peeps, anyone got an inside scoop on what’s going on with these bogus co-authored commit tags on GitHub? The attackerDOS/B repo has been taken down, so I can’t look at the commits that I supposedly co-authored. I have FIDO2 MFA on my account, so I’m reasonably certain that no one could have actually committed code to this repo under my account, but I’m also not super familiar with how co-authoring works.

#InfoSec #CyberSecurity #GitHub #attackerDOS

  • Tyoda
    2·
    13 days ago

    You can have Linus Torvalds listed in your private repo as a contributor if you just push a commit with his email address in git config user.email. Probably something similar.

    Based on the username, they are trying to DOS github by tagging an unexpected number of users. GL lol.

    • James Bartlett :terminal:@techhub.socialOP
      1·
      13 days ago

      @Tyoda@lemm.ee yeah, that’s kinda what I figured might be happening, but I thought I should still ask the experts, just in case. I used to work in cybersecurity, but that was back in the #Sasser worm era (IYKYK 😅), so I’m more than a little rusty.