Codeegg, post no. 616
From: Aofei Temple
Reported by: Quanta
The programmers' base camp has been attacked by hackers!
On the last day of the May Day holiday, some programmers checking the code they host on GitHub found that their source code and repos had disappeared. In their place was a ransom note left by the hacker!
The note said the attackers had downloaded the source code and stored it on their own server.
Victims must pay 0.1 bitcoin (about RMB 3800) to a specific account within 10 days, otherwise the attackers will publish the code or use it in other ways.
To recover your lost code and prevent it from leaking: send 0.1 bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by email with your Git login information and proof of payment. The address is Admin[at]gitsbackup[dot]com.
If we do not receive your payment within the next 10 days, we will publish your code or use it in other ways.
Judging from this threat, the targets were private repositories on GitHub. And not just GitHub: the other code hosting sites, GitLab and Bitbucket, were attacked as well.
A sudden attack
According to a search on GitHub, 373 users in total were attacked. According to data published by GitLab, the hacker had access to at least 131 users and 163 repositories.
The code and commit history of the attacked repositories were all deleted by an account named "Gitbackup".
On social media, some victims blamed the attack on SourceTree, the Git GUI application developed by Atlassian, believing the hacker had exploited a vulnerability in it.
But the attack spans multiple platforms. The Register reports that it probably targets poorly secured repositories rather than a specific vulnerability.
According to ZDNet, the hacker may have scanned the Internet for Git configuration files, extracted the login credentials in them, and then logged in to the Git repositories to carry out the operation.
At press time, no one had paid a ransom to the attacker's Bitcoin account. Instead, the Bitcoin address has received many abuse reports.
According to the Bitcoin Abuse database, 31 people have reported this Bitcoin address, stating that the other party is a hacker and asking for the address to be deleted.
ZDNet reporter Catalin Cimpanu says the attack has now stopped and no new accounts are being attacked.
Don't panic if you are attacked
According to GitLab's official statement, the biggest problem in this attack lies with the users:
"We have sufficient evidence that the passwords of the affected accounts were stored in plaintext in a deployment of the related repositories."
Raising security awareness is therefore the best way to protect your own code. GitLab recommends the following to keep passwords from being stolen:
Use strong passwords, to reduce the risk of them being cracked;
Store passwords in a password manager, not in plaintext;
Enable two-factor authentication and use SSH keys.
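A way to check your own deployments for the plaintext passwords GitLab and ZDNet describe above. This is an added example, not part of the original article or of GitLab's guidance; the function names, hosts and secrets in the sample tree are constructed, and it only covers passwords embedded in remote URLs and files written by Git's "store" credential helper.

```shell
#!/bin/sh
# Added example (not from the article): find plaintext Git credentials
# left in a deployment tree. Passwords are redacted in the report.

audit_git_credentials() {
    root=$1
    # 1) Remote URLs of the form scheme://user:password@host in .git/config.
    find "$root" -type f -path '*/.git/config' 2>/dev/null |
    while IFS= read -r cfg; do
        grep -E '^[[:space:]]*(push)?url[[:space:]]*=[[:space:]]*[a-z+]+://[^/@:[:space:]]+:[^/@[:space:]]+@' "$cfg" |
        sed -E -e 's#^[[:space:]]*(push)?url[[:space:]]*=[[:space:]]*##' \
               -e 's#(://[^:/@]+):[^@]+@#\1:REDACTED@#' |
        while IFS= read -r url; do
            printf 'EMBEDDED %s %s\n' "$cfg" "$url"
        done
    done
    # 2) Files written by "credential.helper store" keep user:password in plaintext.
    find "$root" -type f -name '.git-credentials' 2>/dev/null |
    while IFS= read -r store; do
        printf 'STORE %s\n' "$store"
    done
}

# Constructed sample tree (hypothetical hosts and secrets) for a dry run.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/www/app/.git" "$t/www/clean/.git" "$t/home/deploy"
    printf '[remote "origin"]\n\turl = https://deploy:s3cret@gitlab.example.com/team/app.git\n' \
        > "$t/www/app/.git/config"
    printf '[remote "origin"]\n\turl = git@github.com:team/clean.git\n' \
        > "$t/www/clean/.git/config"
    printf 'https://deploy:s3cret@gitlab.example.com\n' > "$t/home/deploy/.git-credentials"
    echo "$t"
}

sample=$(make_sample_tree)
audit_git_credentials "$sample"
rm -rf "$sample"
```

Any EMBEDDED or STORE line means the password should be rotated and replaced with an SSH key or a credential held in a password manager.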
If you have unfortunately been hit, do not rush to pay the ransom either, because paying does not guarantee that the hacker will not publish the code.
As for the deleted code, an early victim pointed out on the StackExchange forum that the code is actually still there and can be restored; the hacker only changed HEAD.
He also gave a series of instructions, which GitLab officially recommended.
Enter the following commands:
git checkout origin/master
git reflog # take the SHA of the last commit of yours
git reset [SHA]
You can then see the hacker's commit and repair origin/master. But the problem is not completely solved. If you run git status, it will still show:
HEAD detached from origin/master
If you have a local backup of the code, it is easy: force-push the local code directly:
git push origin HEAD:master --force
If you do not have a local backup, you can still recover from the remote repository: git fsck can find the last commit, or you can change HEAD with git reflog.
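The recovery steps above, replayed end to end on throwaway repositories. This is an added example, not from the article or the StackExchange post: it reads the last good commit from the reflog of origin/master (origin/master@{1}) instead of picking the SHA by eye, and assumes a local clone that fetched after the rewrite with reflogs enabled (the default for non-bare repositories). The helper names and the "victim", "other" and "server.git" repositories are constructed.

```shell
#!/bin/sh
# Added example (not from the article). All repositories are throwaway,
# constructed under a temp dir; "other" stands in for whoever rewrote history.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.com
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.com

# Commit that <ref> pointed to before its latest update (needs a reflog).
previous_tip() { git -C "$1" rev-parse --verify --quiet "$2@{1}"; }

# Force <branch> on origin back to <sha>, unless origin already contains it.
restore_branch() {
    if git -C "$1" merge-base --is-ancestor "$3" "origin/$2"; then
        echo "origin/$2 already contains $3" >&2; return 1
    fi
    git -C "$1" push --quiet --force origin "$3:refs/heads/$2"
}

# Create a repo with one commit on master. Args: <dir> <file> <message>
new_repo() {
    git init --quiet "$1" 2>/dev/null
    git -C "$1" symbolic-ref HEAD refs/heads/master
    echo "$3" > "$1/$2"
    git -C "$1" add "$2"
    git -C "$1" commit --quiet -m "$3"
}

# Replay the incident; prints "<recovered sha> <server tip after restore>".
demo() {
    w=$(mktemp -d)
    git init --quiet --bare "$w/server.git" 2>/dev/null
    new_repo "$w/victim" app.txt "real work"
    git -C "$w/victim" remote add origin "$w/server.git"
    git -C "$w/victim" push --quiet origin master
    new_repo "$w/other" README "history replaced"
    git -C "$w/other" push --quiet --force "$w/server.git" master
    git -C "$w/victim" fetch --quiet origin      # origin/master now rewritten
    good=$(previous_tip "$w/victim" origin/master)
    restore_branch "$w/victim" master "$good"
    echo "$good $(git -C "$w/server.git" rev-parse refs/heads/master)"
    rm -rf "$w"
}

demo
```

The two SHAs printed by demo are identical when the server branch has been put back on the last good commit.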
What needs particular attention next is whether the hacker will publish your private code.
The pain of leaked code
When it comes to leaked code, several domestic companies have felt the pain keenly.
Take DJI: a former employee uploaded code containing the company's trade secrets to a public GitHub repository, leaking the source code.
With this source code, an attacker could obtain SSL certificate private keys and access sensitive customer information such as user information and flight logs.
According to an assessment, this leak caused DJI a total economic loss of 1.164 million.
Not long ago, a court verdict was handed down on this code leak:
A prison term of 6 months and a fine of 200 thousand.
Recently, Bilibili's source code was also published on GitHub. Although it was taken down quickly and Bilibili has reported it to the police, many netizens had already cloned the repository, so the hidden danger remains and remediation is a headache.
If the hacker published all the code obtained this time, it could be a crushing blow for some small teams.