Board: Announcements (Altcoins)
Topic: Re: [ANN][NYC] NEW YORK COIN at 2017 MACY'S THANKSGIVING DAY PARADE IN NYC!
Post by moonshot9900 on 11/02/2020, 01:46:14 UTC
WHAT IF one or more of the EXCHANGES used one of the malware-infected wallets uploaded to Community Leadership controlled GitHub to enable 51% attack vector? <-- Charlie, you know it doesn't work that way - just stop with the FUD please, you are embarrassing yourself again.

See a small subset of the many, many times this has happened before the vulnerabilities of GitHub were well understood:
* https://www.zdnet.com/article/official-monero-website-compromised-with-malware-that-steals-funds/
* https://bitcoinist.com/syscoin-hacked-malware-inserted-in-github-account/
* https://malwaretips.com/threads/canonical-github-account-hacked-ubuntu-source-code-safe.93606/
* https://techcrunch.com/2018/06/29/hackers-too-over-the-gentoo-linux-github-repository/


While unfortunate, malware injection in GitHub has been fairly common, and the short excerpt from https://medium.com/@newyorkcoin/timeline-analysis-and-response-to-recent-51-attack-941da50d625c explains what went down:


On October 30th, the Community Development Team discovered these infected wallet releases and quickly started to investigate. During the investigation, two major flaws in the general security of GitHub were discovered.
The first flaw was that any account within the organization can access any of the wallet release assets, even for repositories for which they do not have permissions. The second flaw was that all changes after the initial publish event of the wallet releases are silent and don’t trigger the GitHub web hook notifications. All changes made by members of the NYC GitHub Organization trigger an email and Discord notification, except changes in the wallet releases, which are arguably for a cryptocurrency the most important changes for requiring notifications. The team was able to identify the account used to change the wallet releases, and unfortunately, it was the GitHub account of a former community contributor who didn’t know about the compromised account.

Trying to explain open source, GitHub and blockchain to you is like trying to explain orbital mechanics to a flat-earther.
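
The excerpt quoted in the post says that changes to release assets after the initial publish did not trigger webhook notifications. As an added example (not from the post, the Medium article or the NYC project), one way to notice such changes is to poll release metadata and diff it against a saved baseline. The two snapshots below are constructed, and the asset names, ids and logins are hypothetical.

```python
import json

# Constructed snapshots shaped like GitHub's REST "list releases" response
# (GET /repos/{owner}/{repo}/releases), trimmed to the fields used here.
# Asset names, ids and logins are hypothetical.
BASELINE = json.loads("""[{"tag_name": "v1.0.0", "assets": [
  {"id": 101, "name": "wallet-win64.zip", "size": 20480000,
   "updated_at": "2020-01-05T10:00:00Z", "uploader": {"login": "release-bot"}},
  {"id": 102, "name": "wallet-linux.tar.gz", "size": 18350000,
   "updated_at": "2020-01-05T10:01:00Z", "uploader": {"login": "release-bot"}}]}]""")
CURRENT = json.loads("""[{"tag_name": "v1.0.0", "assets": [
  {"id": 245, "name": "wallet-win64.zip", "size": 20611072,
   "updated_at": "2020-10-12T03:14:00Z", "uploader": {"login": "old-contributor"}},
  {"id": 102, "name": "wallet-linux.tar.gz", "size": 18350000,
   "updated_at": "2020-01-05T10:01:00Z", "uploader": {"login": "release-bot"}},
  {"id": 246, "name": "wallet-macos.dmg", "size": 19000000,
   "updated_at": "2020-10-12T03:15:00Z", "uploader": {"login": "old-contributor"}}]}]""")

WATCHED = ("id", "size", "updated_at", "uploader")

def index_assets(releases):
    """Map (tag, asset name) -> the metadata fields worth watching."""
    out = {}
    for rel in releases:
        for a in rel.get("assets", []):
            out[(rel["tag_name"], a["name"])] = {
                "id": a["id"], "size": a["size"], "updated_at": a["updated_at"],
                "uploader": (a.get("uploader") or {}).get("login"),
            }
    return out

def diff_assets(baseline, current):
    """Return findings as (kind, tag, name, changed_fields), sorted by key."""
    old, new = index_assets(baseline), index_assets(current)
    findings = []
    for key in sorted(old.keys() | new.keys()):
        if key not in new:
            findings.append(("removed", *key, ()))
        elif key not in old:
            findings.append(("added", *key, ()))
        else:
            # Assumption: replacing a file means delete + re-upload, so the
            # id changes; size, timestamp and uploader are compared as well.
            changed = tuple(f for f in WATCHED if old[key][f] != new[key][f])
            if changed:
                findings.append(("replaced", *key, changed))
    return findings

if __name__ == "__main__":
    for kind, tag, name, fields in diff_assets(BASELINE, CURRENT):
        print(f"ALERT {kind}: {tag}/{name} {', '.join(fields)}")
```

Metadata diffing only shows that an asset changed; comparing a SHA-256 of each downloaded asset against a hash recorded at publish time is what confirms the bytes are the ones originally released.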