Session Name: Be Very Afraid: Git Commit Spoofing in Open Source - No False Alarm
A recent Git attack scare went viral, claiming 35,000 repos had been compromised, and was then dismissed by GitHub and other major players in the industry as a false alarm. But was it? In this talk I’ll walk you through why this scare fooled even bona fide researchers into believing an attack was under way. We’ll cover the methods used - such as Git Commit Spoofing - and why you should be very afraid of them, why phishing isn’t only for email, and how to protect yourself when leveraging public-facing resources, and we’ll wrap up with the things you can proactively do to not be the victim of such attacks.
I'm a senior full-stack developer with a favorite kid named Frontend. For over ten years now, I've enjoyed writing clean code, simplifying complex problems, leading feature development, and influencing innovation every day. When I’m not busy with code, you’ll find me talking about application performance, building confidence in code-bases, product architecture, developing organizational culture, and other nerdy dev stuff. Besides all that, I'm a father of two, a hobbyist photographer, LEGO builder, and food creator.