V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Distributions
Ubuntu
Fedora
CentOS
中文资源站
网易开源镜像站
onion83
V2EX  ›  Linux

Gentoo Linu x github 账号 6 月 28 日 被黑,所有 ebuild 文件被加入 rm -rf

  •  
  •   onion83 · 2018-07-06 09:58:41 +08:00 · 3819 次点击
    这是一个创建于 2327 天前的主题,其中的信息可能已经有所发展或是发生改变。
    2018-06-28
    20:05 2nd to last known legimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
    Auto-pushed by mirror bot.
    Commit ID 38281f4252f89e3ef9cbae54dfc1ad553d296979
    20:08 Last known legimate commit to gentoo/musl. matches git.gentoo.org/proj/musl.git.
    Commit ID 60461ca1385809bacf6a114a7f1ecfe22f6da47f
    20:19 Attacker tries a bad password on the account.
    20:19 Attacker successfully gains administrative access
    20:25 Attacker invites a dummy account to the org
    20:25 Attacker creates a dummy account with administrative access.
    20:25 Last known legimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
    Auto-pushed by mirror bot.
    Commit ID 73b724093b9c2a8756b8c35d3e09793342fa9ca9
    Does NOT appear in the GitHub audit log for the org.
    20:25 Attacker starts removing valid users
    20:26 Earliest email timestamp of someone being removed from the organization.
    20:29 First person notices that something is going on with the GitHub organization
    20:30 Attacker invites a second malicious user.
    20:32 Attacker adds second malicious user with admin privileges.
    20:34 Malicious commit to gentoo/gentoo, 73b72409->fdd8da2e
    adds readme.me file with racist text.
    20:36 First report to Infra that something is going on with the GitHub organization.
    20:38 Malicious commit to gentoo/gentoo, fdd8da2e->49464b73.
    adds rm -rf /*& at the top of skel.ebuild
    20:39 Attacker changes billing email, the first time.
    20:45 Malicious commit 49464b73 is first noticed
    20:48 Attacker changes billing email, the second time
    20:49 First abuse report to GitHub support
    20:50 Malicious commit to gentoo/gentoo, 49464b73->afcdc03b.
    adds rm -rf /* at the top of every ebuild.
    20:51 Infra's informal contact to GitHub via multiple personal channels
    20:53 Second abuse report to GitHub
    20:55 Malicious commit to gentoo/gentoo, afcdc03b->e6db0eb4, force-push.
    Squash of entire history as of afcdc03b (rm -rf /* in ebuilds)
    ……

    Via: https://wiki.gentoo.org/wiki/Github/2018-06-28
    7 条回复    2018-07-06 13:21:30 +08:00
    zhustec
        1
    zhustec  
       2018-07-06 10:59:09 +08:00 via iPad
    致远星战况如何
    Rasphino
        2
    Rasphino  
       2018-07-06 11:03:30 +08:00 via Android
    楼主在发帖前能看看今天几号吗
    fuxiaohei
        3
    fuxiaohei  
       2018-07-06 11:06:51 +08:00
    当时就制止了
    onion83
        4
    onion83  
    OP
       2018-07-06 12:41:52 +08:00
    如果你不是 G 粉,请先不要没看链接就开喷,官方昨晚才宣布这次事故 resolved.
    我希望分享的是一个 story 而不是一个 news.
    zjp
        5
    zjp  
       2018-07-06 13:06:05 +08:00 via Android
    一楼起的坏头
    不过我还是没看明白怎么弄到的 Github 账号,暴力穷举?"tries a bad password"
    xiaket
        6
    xiaket  
       2018-07-06 13:08:26 +08:00
    @zjp 貌似是管理员的密码跨站重用
    greenskinmonster
        7
    greenskinmonster  
       2018-07-06 13:21:30 +08:00
    没开两步验证吗?
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5524 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 32ms · UTC 01:24 · PVG 09:24 · LAX 17:24 · JFK 20:24
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.