Quoting Arnt Karlsen ([email protected]):

> ..are we still good to go? Ransomware threats on git repos in El Reg:
> https://www.theregister.co.uk/2019/05/03/git_ransomware_bitcoin/
> https://security.stackexchange.com/questions/209448/gitlab-account-hacked-and-repo-wiped
> https://www.bitcoinabuse.com/reports/1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA

Memos from Captain Obvious:

1. Don't leave security-sensitive credentials sitting around in publicly accessible .git subdirectories on publicly accessible servers.

2. When using a distributed SCM such as git, use it in distributed fashion such that full contents including all metadata exist in multiple places. Otherwise, if you need to take seriously feeble extortion demands because you haplessly have no backups of your repos, people are likely to laugh and point.

3. Don't take El Reg seriously on anything relevant to security.

(Where's Rick, May 8-20 edition: San Francisco, Copenhagen, Nice, St. Tropez, Cannes, Monte Carlo, Calvi, Bonifacio, Port Ercole, Rome, Copenhagen, San Francisco. Catch him, and win valuable prizes.)

--
Cheers,
Rick Moen
[email protected]
McQ! (4x80)

"I am not a vegetarian because I love animals; I am a vegetarian because I hate plants." -- A. Whitney Brown
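A local check for memo 1, as an added example that is not part of the original message: it walks a directory tree you administer, reports every .git directory found there, and flags any whose config carries a remote URL with an embedded user:secret pair. The function names, the sample tree and the host git.example.invalid are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a served directory tree for .git directories and for
# credentials embedded in their remote URLs. All names here are hypothetical.

# Prints "EXPOSED <dir>" for each .git directory under $1 and
# "CREDENTIAL <file>" for each config with url = scheme://user:secret@host
audit_git_exposure() {
    root=$1
    find "$root" -type d -name .git -prune 2>/dev/null |
    while IFS= read -r gitdir; do
        printf 'EXPOSED %s\n' "$gitdir"
        cfg=$gitdir/config
        [ -f "$cfg" ] || continue
        # Match only URLs that carry both a user and a secret before the '@';
        # plain SSH remotes such as git@host:repo.git do not match.
        if grep -Eq '^[[:space:]]*url[[:space:]]*=[[:space:]]*[a-z+]+://[^/@:[:space:]]+:[^/@[:space:]]+@' "$cfg"; then
            printf 'CREDENTIAL %s\n' "$cfg"
        fi
    done
}

# Constructed sample tree: one repo with a token in its remote URL, one without.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/site/.git" "$d/blog/.git"
    printf '[remote "origin"]\n\turl = https://deploy:EXAMPLE-TOKEN@git.example.invalid/site.git\n' \
        > "$d/site/.git/config"
    printf '[remote "origin"]\n\turl = git@git.example.invalid:blog.git\n' \
        > "$d/blog/.git/config"
    printf '%s\n' "$d"
}

# Run against the constructed sample; point audit_git_exposure at a real
# document root (the path is site-specific) to audit a server.
sample=$(make_sample)
audit_git_exposure "$sample"
rm -rf "$sample"
```

Any EXPOSED line under a served document root means the repository metadata is reachable unless the web server denies access to it; any CREDENTIAL line means the token in that file should be rotated and moved out of the URL.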
