GitHub as an attack infrastructure, such as through an organization's denial of service (DoS) or management command and...
GitHub officially rolled out a series of drastic changes into their platform against the malicious codes and exploit scripts hosted on their platform and additional announcements. GitHub officially rolled out a series of drastic changes into their platform against the malicious codes and exploit scripts hosted on their platform and additional announcements.GitHub officially rolled out a series of drastic changes into their platform against the malicious codes and exploit scripts hosted on their platform and additional announcements.
"We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits," the Microsoft-owned company said. "We understand that many security research projects on GitHub are dual-use and broadly beneficial to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem."
The company stated that it will no longer be allowing anyone to use GitHub directly in support of illegal attacks or malware activities that can lead to technical catastrophes, and that measures can be taken to disrupt ongoing attacks that use the platform as a vulnerability exploit or delivery network. Content (CDN) To this end, users avoid uploading, publishing, hosting, or transmitting any content that can be used to deliver malicious executable files or abuse GitHub as an attack infrastructure, such as through an organization's denial of service (DoS) or management command and control server (C2).
"Technical harms means overconsumption of resources, physical damage, downtime, denial of service, or data loss, with no implicit or explicit dual-use purpose before the abuse occurs," GitHub said.
If misuse of dual-use content is prevalent, Google restricts access to that content by placing it behind authorization and states that it may be modified or modified by disabling access to the Services for various content as a "last resort". All of this is limited. These measures are not realistic. GitHub has also announced that it will contact project leaders to inquire about relevant controls, if possible. The change came after the company enforced security, malware and platform usage in its research policy at the end of April. Using clear phrases to **remove "active and harmful content" and "hard code" makes it easier to detect protection.
By addressing the vulnerabilities, GitHub policy reviews are directly criticized with wide-ranging criticism that aims to identify proof-of-concept (PoC) attacks, unless the repository or compromised code is directly involved in an active campaign. Also, good results. The system fixes several vulnerabilities known as ProxyLogon in the code downloaded by researchers. Microsoft was discovered by a Chinese government-backed hacker group that tried to hack Exchange servers around the world. GitHub removed it following its usage guidelines at the time and said the code " detected a vulnerability that has been actively exploited recently."