Astrid (Certified Server Maid)
lemme just borrow ur account for one second bro just one second bro trust me bro I'll give it back I won't do any changes bro just trust me bro just
Project Collaboration Opportunity: Brief GitHub Login Request | 项目合作机会:简短GitHub登录请求

Hi,

I'm participating in a project and need to use an active GitHub account to log in briefly. I only need to log in to the website, without making any authorizations or changes. I noticed that your account meets the criteria. Could I borrow it for a few minutes? If the website verification is successful, I'm willing to offer a reward of $300. If it doesn't work, I'll still give you a thank-you payment of $30.
8 comments
Dave Anderson

@astrid I'd be so curious to nerf all my permissions on everything and then hand it over to see what they try to do. Not going to though, because yeah, that's a trap. But I'm curious what the attack is.

Astrid (Certified Server Maid)
@danderson yeah I'm gonna go and lead them on and see what they do
Dave Anderson

@astrid galaxy brain idea: make a burner github account that's a member of nixos, cncf and a bunch of other high value targets, wait for the email, then delete all the memberships and hand the account over to see what they try

Raito Bezarius

@danderson @astrid though it's highly likely here they're here for the airdrop cryptocurrency money and are just scamming you out of shitcoins

Dave Anderson

@raito @astrid aww, boring. There's so much more you can do!

Then again given today's events maybe I shouldn't be demanding better attackers...

Raito Bezarius

@danderson @astrid let's thank the gods of economical efficiency every day

it doesn't seem like the chaotic attacker that could be so meticulous to target all distros and be stealthy as fucked has appeared *or* we didn't detect it

Dave Anderson

@raito @astrid yeah that's when the doom spiral starts. Either it hasn't happened, or it happened so well we're completely fucked and don't even know.

Irenes (many)

@danderson @raito @astrid the way we see it, the primary exploit here was the social one (see details at [1]). this is absolutely what passes for stealth on that front.

[1] boehs.org/node/everything-i-kn
