Hey infosec peeps, anyone got an inside scoop on what’s going on with these bogus co-authored commit tags on GitHub? The attackerDOS/B repo has been taken down, so I can’t look at the commits that I supposedly co-authored. I have FIDO2 MFA on my account, so I’m reasonably certain that no one could have actually committed code to this repo under my account, but I’m also not super familiar with how co-authoring works.

#InfoSec #CyberSecurity #GitHub #attackerDOS

  • John Richard@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    17 days ago

    Is it possible that a repo you committed to got taken over and renamed? Furthermore, MicrosoftHub likely only checks basic info when tying users to commits so you could prob add any repo to GitHub and have it show that users committed that never actually did.

    • James Bartlett :terminal:@techhub.socialOP
      link
      fedilink
      arrow-up
      1
      ·
      17 days ago

      @timewarp@lemmy.world
      I’m pretty sure this is some kind of spam, because I can’t think of any legitimate reason for thousands of co-authors to be listed on a single commit. But just for kicks, any ideas how I might go about checking if the repo was renamed?