Gentoo Linu x github 账号 6 月 28 日 被黑,所有 ebuild 文件被加入 rm -rf
onion83 · 2018-07-06 09:58:41 +08:00 · 3825 次点击这是一个创建于 2336 天前的主题,其中的信息可能已经有所发展或是发生改变。
2018-06-28
20:05 2nd to last known legimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
Auto-pushed by mirror bot.
Commit ID 38281f4252f89e3ef9cbae54dfc1ad553d296979
20:08 Last known legimate commit to gentoo/musl. matches git.gentoo.org/proj/musl.git.
Commit ID 60461ca1385809bacf6a114a7f1ecfe22f6da47f
20:19 Attacker tries a bad password on the account.
20:19 Attacker successfully gains administrative access
20:25 Attacker invites a dummy account to the org
20:25 Attacker creates a dummy account with administrative access.
20:25 Last known legimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
Auto-pushed by mirror bot.
Commit ID 73b724093b9c2a8756b8c35d3e09793342fa9ca9
Does NOT appear in the GitHub audit log for the org.
20:25 Attacker starts removing valid users
20:26 Earliest email timestamp of someone being removed from the organization.
20:29 First person notices that something is going on with the GitHub organization
20:30 Attacker invites a second malicious user.
20:32 Attacker adds second malicious user with admin privileges.
20:34 Malicious commit to gentoo/gentoo, 73b72409->fdd8da2e
adds readme.me file with racist text.
20:36 First report to Infra that something is going on with the GitHub organization.
20:38 Malicious commit to gentoo/gentoo, fdd8da2e->49464b73.
adds rm -rf /*& at the top of skel.ebuild
20:39 Attacker changes billing email, the first time.
20:45 Malicious commit 49464b73 is first noticed
20:48 Attacker changes billing email, the second time
20:49 First abuse report to GitHub support
20:50 Malicious commit to gentoo/gentoo, 49464b73->afcdc03b.
adds rm -rf /* at the top of every ebuild.
20:51 Infra's informal contact to GitHub via multiple personal channels
20:53 Second abuse report to GitHub
20:55 Malicious commit to gentoo/gentoo, afcdc03b->e6db0eb4, force-push.
Squash of entire history as of afcdc03b (rm -rf /* in ebuilds)
……
Via: https://wiki.gentoo.org/wiki/Github/2018-06-28
20:05 2nd to last known legimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
Auto-pushed by mirror bot.
Commit ID 38281f4252f89e3ef9cbae54dfc1ad553d296979
20:08 Last known legimate commit to gentoo/musl. matches git.gentoo.org/proj/musl.git.
Commit ID 60461ca1385809bacf6a114a7f1ecfe22f6da47f
20:19 Attacker tries a bad password on the account.
20:19 Attacker successfully gains administrative access
20:25 Attacker invites a dummy account to the org
20:25 Attacker creates a dummy account with administrative access.
20:25 Last known legimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
Auto-pushed by mirror bot.
Commit ID 73b724093b9c2a8756b8c35d3e09793342fa9ca9
Does NOT appear in the GitHub audit log for the org.
20:25 Attacker starts removing valid users
20:26 Earliest email timestamp of someone being removed from the organization.
20:29 First person notices that something is going on with the GitHub organization
20:30 Attacker invites a second malicious user.
20:32 Attacker adds second malicious user with admin privileges.
20:34 Malicious commit to gentoo/gentoo, 73b72409->fdd8da2e
adds readme.me file with racist text.
20:36 First report to Infra that something is going on with the GitHub organization.
20:38 Malicious commit to gentoo/gentoo, fdd8da2e->49464b73.
adds rm -rf /*& at the top of skel.ebuild
20:39 Attacker changes billing email, the first time.
20:45 Malicious commit 49464b73 is first noticed
20:48 Attacker changes billing email, the second time
20:49 First abuse report to GitHub support
20:50 Malicious commit to gentoo/gentoo, 49464b73->afcdc03b.
adds rm -rf /* at the top of every ebuild.
20:51 Infra's informal contact to GitHub via multiple personal channels
20:53 Second abuse report to GitHub
20:55 Malicious commit to gentoo/gentoo, afcdc03b->e6db0eb4, force-push.
Squash of entire history as of afcdc03b (rm -rf /* in ebuilds)
……
Via: https://wiki.gentoo.org/wiki/Github/2018-06-28
 |
1
zhustec 2018-07-06 10:59:09 +08:00 via iPad
致远星战况如何
|
 |
2
Rasphino 2018-07-06 11:03:30 +08:00 via Android
楼主在发帖前能看看今天几号吗
|
 |
3
fuxiaohei 2018-07-06 11:06:51 +08:00
当时就制止了
|
 |
4
onion83 OP 如果你不是 G 粉,请先不要没看链接就开喷,官方昨晚才宣布这次事故 resolved.
我希望分享的是一个 story 而不是一个 news. |
 |
5
zjp 2018-07-06 13:06:05 +08:00 via Android
一楼起的坏头
不过我还是没看明白怎么弄到的 Github 账号,暴力穷举?"tries a bad password" |
 |
7
greenskinmonster 2018-07-06 13:21:30 +08:00
没开两步验证吗?
|
Select Language