Github Attack Attempt

Fred Barclay
Level 12
Posts: 4204
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush

Github Attack Attempt

Post by Fred Barclay » Thu Jun 16, 2016 1:26 pm

Reminder: Don't reuse passwords!
On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts. We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts.

GitHub has not been hacked or compromised.
https://github.com/blog/2190-github-sec ... ord-attack

If you have a GitHub account, keep this in mind especially if you reused a password (but you wouldn't do that, would you?).
Even if you don't use GitHub, it's good to schedule a periodic password review and change for all of your online accounts.
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

BigEasy
Level 6
Posts: 1239
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: Github Attack Attempt

Post by BigEasy » Thu Jun 16, 2016 2:29 pm

There is nothing new under the Moon.
The article will be about 15 years old soon:
http://www.symantec.com/connect/article ... -practices

Seems nobody cares.
Windows assumes I'm stupid but Linux demands proof of it

Royal-Mint
Level 1
Posts: 35
Joined: Tue Jul 22, 2014 3:57 am

Re: Github Attack Attempt

Post by Royal-Mint » Sun Jun 19, 2016 12:26 am

They must have lots of free time.

killer de bug
Level 14
Posts: 5415
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: Github Attack Attempt

Post by killer de bug » Mon Jun 20, 2016 10:08 am

I reviewed the connection on my account and I was not concerned.
But I will change my password again just in case :)
If it ain't broke, fix it until it is.

mike acker
Level 6
Posts: 1425
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: Github Attack Attempt

Post by mike acker » Tue Jun 28, 2016 11:53 am

I like to use the Gibson Research Password Generator.

It will provide you with a dandy!

Like this: X!ioW@6@cnl;W

There are various password managers available, e.g. "LastPass"; I've not used one of these; I just keep my passwords in a .zip that is encrypted.

Any comments on password managers?
¡Viva la Resistencia!

Fred Barclay
Level 12
Posts: 4204
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush

Re: Github Attack Attempt

Post by Fred Barclay » Tue Jun 28, 2016 12:18 pm

mike acker wrote: Any comments on password managers?
I use and like KeePassX since it's completely local storage (unlike LastPass). I don't care for my passwords being stored online, encrypted or not. KeePassX is pretty good and has some handy functions, like random password generation.

I do have a bit of distrust for any password manager, so I've made sure that KeePassX isn't a single point of failure. All of my passwords in it are for accounts that I have linked to email addresses that only I know the passwords to, so if KeePassX fails me and an attacker gets my passwords, I can still recover my accounts.

cholq
Level 3
Posts: 113
Joined: Tue Jul 08, 2014 9:27 pm
Location: New Jersey, USA

Re: Github Attack Attempt

Post by cholq » Tue Jun 28, 2016 1:59 pm

mike acker wrote: Any comments on password managers?
I use Enpass. They have a lot of the same features as LastPass (password generator, local encryption/decryption only, easy syncing between devices), but they are free to sync among as many desktops as you want, and when you pay for mobile access (in my case, Android) I get lifetime access to install it on as many Android devices as I want to install on. If you wanted to install it on an Android and an iPad, you'd need to pay for both of those device types, but you'd get lifetime access to them both. I think LastPass had you pay by number of devices, so paying by device type worked better for me. That may have changed since I looked into it.

And it has worked well on multiple Linux distros for me.

KeePassX looked like it would have worked well if I was just on a single machine, but I needed to sync between many machines, and it looked like I had to do a lot of that syncing on my own, so that is why I didn't go that direction. Enpass made syncing very easy.
