https://x.com/sagitz_/status/2049153195243372569
With malicious HTTP headers, any user could access any repo on GitHub.com, or on the Enterprise GitHub instance they might have access to. It's even worse than that because it's remote code execution on the GitHub server.
It seems like GitHub has been a mess since the Microsoft acquisition. Definitely feels like another multi-billion-dollar screwup in the making, like Skype or Nokia were.
Hopefully the incidents in the last few weeks are a wake-up call, and they start getting their shit together.