Hey infosec peeps, anyone got an inside scoop on what’s going on with these bogus co-authored commit tags on GitHub? The attackerDOS/B repo has been taken down, so I can’t look at the commits that I supposedly co-authored. I have FIDO2 MFA on my account, so I’m reasonably certain that no one could have actually committed code to this repo under my account, but I’m also not super familiar with how co-authoring works.

#InfoSec #CyberSecurity #GitHub #attackerDOS

  • Tyoda@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    2 months ago

    You can have Linus Torvalds listed in your private repo as a contributor if you just push a commit with his email address in git config user.email. Probably something similar.

    Based on the username, they are trying to DOS github by tagging an unexpected number of users. GL lol.

  • John Richard@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    2 months ago

    Is it possible that a repo you committed to got taken over and renamed? Furthermore, MicrosoftHub likely only checks basic info when tying users to commits so you could prob add any repo to GitHub and have it show that users committed that never actually did.