Hijacker Github

0 views
Skip to first unread message

Madison Spiers

unread,
Jan 24, 2024, 10:56:53 PM1/24/24
to helcogusgua

Attacks against developers are increasing and in the past year, dozens have been documented. For instance, a threat actor recently distributed a backdoored version of a .NET development tool to deploy multiple malicious payloads, like a clipboard hijacker and a crypto miner. In another recent example, a campaign attributed to a North Korean entity has set up social network profiles and websites to social engineer and infect prominent figures of the developer community with malicious Visual Studio projects or browser exploits

I've moved all our company Git repositories to GitHub and now I want to add employees to the projects. Since most employees already have personal GitHub accounts, I'm wondering whether I should ask them to create a work GitHub account. The reason that I'm thinking of doing this is to decrease the chances of unauthorized access to our code base since their personal accounts may be well publicized through their personal activity on the site, increasing chances of targeted attacks. Furthermore, if their personal account is ever compromised it won't mean the whole company code is accessible to the hijacker. Since this will bring the burden of maintaining two accounts for the employees I'm wondering whether it is the correct approach and whether it even makes sense. I would love to hear your opinions on this.

hijacker github


DOWNLOAD ✫✫✫ https://t.co/wGplCJSrOZ



I would say that should be a choice left up to the employee. One thing I would say is do not force them to use their personal github account if they don't want to. I was at a company that used GitHub and while it was not a requirement, I personally wanted to create a separate account. The main reason was to protect my person projects. I didn't want the company to try to say one of my personal projects was their's because it was under the same github account used for their comapny projects (not sure if that would ever hold up in court however I don't have much faith in the legal system when it comes to things like this). I think having that clean separate can be a good thing.

We are doing it in our company. I don't want to start a discussion "what is safer, github or a server under your table that everyone has root access, not sure if the backup is working, etc". Our approach was:

df19127ead
Reply all
Reply to author
Forward
0 new messages