News

The GitHub source code has been uploaded to GitHub. The company denies the hack

Unknown people uploaded the source code of GitHub and GitHub Enterprise to a special section for DMCA complaints on GitHub. Moreover, the sources were published through a commit, designed in such a way as if it comes from the head of GitHub Nat Friedman himself.

However, in a post published on YCombinator Hacker News, Friedman stated that he did not put the source, and that GitHub was not compromised in any way.

“Hi folks, I’m the CEO of GitHub. GitHub hasn’t been hacked. … In summary: everything is fine, situation normal, the lark is on the wing, the snail is on the thorn, and all’s right with the world”, — wrote Nat Friedman.

According to him, this leak does not include all the GitHub code, but only the GitHub Enterprise Server. This product is intended for companies, with its help they can run GitHub Enterprise on their local servers, if, for example, for security reasons, they need to store the sources locally.

Friedman writes that this code was “leaked” a few months ago due to a mistake by the GitHub engineers themselves, who mistakenly sent non-obfuscated and unprotected sources to clients.

In his message, the head of GitHub promised that the errors that were used for posting a code will soon be fixed, and unauthorized persons will no longer be able to attach code to other people’s projects and forge other people’s identities.

“We accidentally shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some customers a couple of months ago. It shares code with github.com. Git makes it trivial to impersonate unsigned commits, so we recommend people sign their commits and look for the ‘verified’ label on GitHub to ensure that things are as they appear to be. As for repo impersonation – stay tuned, we are going to make it much more obvious when you’re viewing an orphaned commit”, — reported Nat Friedman.

It should be noted that one of these bugs has already been used quite recently. It all started with the deletion of the youtube-dl project and its numerous copies from GitHub, while infuriated users were forced to upload the youtube-dl source code wherever they could, including the same repository with DMCA notifications on GitHub.

The likely unidentified person who posted the source code of the GitHub Enterprise Server also protested against the removal of youtube-dl and the RIAA complaint, as did many other users.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

23 hours ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

23 hours ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

23 hours ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

23 hours ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

23 hours ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

23 hours ago