@danderson
Also look at those excellent boundaries - a tight 6-hour window where work happens
@jonny Yeah! Obviously early to tell what happened here, but if it turns out to be an innocent maintainer who got pwned and used, I hope they're doing okay. The internet's kinda rough right now :/
@danderson @jonny Although I really don't know how one could not notice someone else committing in one's name... as a maintainer :'D
@danderson well if i were a threat actor i would have deliberately committed the bad stuff at an unusual time tho xD
@valpackett @danderson i guess this means we can get right back to "2FA would have prevented this" without skipping a beat, and get back to ignoring that this core infrastructure project has, on average, one maintainer
@danderson alternative interpretation: that work was done on a sandbox environment with no timezone configuration defaulting to UTC+0, to reduce risk of fingerprinting
@danderson maybe this is a persona managed by multiple teams. The first team pre-positions the persona into a privileged position, and then the exploit team delivers the payload. The timezone mismatch is sloppy but believable.