BreachExchange mailing list archives

Fwd: SSH Key Vulnerability - No Action Required


From: Lostmon lords <lostmon () gmail com>
Date: Thu, 8 Mar 2012 01:05:04 +0100

Hi, I have this email today,


---------- Forwarded message ----------
From: GitHub <support () github com>
Date: 2012/3/7
Subject: SSH Key Vulnerability - No Action Required
To: Lostmon () gmail com


A security vulnerability was recently discovered that made it possible
for an attacker to add new SSH keys to arbitrary GitHub user accounts.
This would have provided an attacker with clone/pull access to
repositories with read permissions, and clone/pull/push access to
repositories with write permissions. As of 5:53 PM UTC on Sunday,
March 4th the vulnerability no longer exists.

While no known malicious activity has been reported, we are taking
additional precautions by forcing an audit of all existing SSH keys.

# Required Action

Since you do not have any SSH keys associated with your GitHub
account, you were not at risk, and no action is required.

# Status

We take security seriously and recognize this never should have
happened. In addition to a full code audit, we have taken the
following measures to enhance the security of your account:

- We are forcing an audit of all existing SSH keys
- Adding a new SSH key will now prompt for your password
- We will now email you any time a new SSH key is added to your account
- You now have access to a log of account changes in your Account Settings page

Sincerely, The GitHub Team

--- https://github.com support () github com

GitHub, Inc. 548 4th Street, San Francisco, CA, 94107


-- 
Sincerely:
Lostmon (lostmon () gmail com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
