GitHub comments used to distribute malware (BleepingComputer)
GitHub comments used to distribute malware (BleepingComputer)
Posted Apr 24, 2024 15:26 UTC (Wed) by mbunkus (subscriber, #87248)In reply to: GitHub comments used to distribute malware (BleepingComputer) by wtarreau
Parent article: GitHub comments used to distribute malware (BleepingComputer)
I like the idea of only hashing, but noch so much of adding a prefix, whatever it may be. We humans tend to latch on to known things, meaning we might spot a well know repository name in the URL and then just stop scrutinizing the URL further.
Posted Apr 25, 2024 15:41 UTC (Thu)
by wtarreau (subscriber, #51152)
[Link]
GitHub comments used to distribute malware (BleepingComputer)
There are pros and cons there. One difficulty that may arise with only a hash is that if some deployment systems become popular based on this, users will be trained to trust any hash, thus all of them will look legit :-/ Worse, there will be no way to figure where it was posted. At least with a prefix it can help figure some context.