tl;dr: User countermeasures:
- Noreply-Email-Address: Every GitHub user should either use a dedicated commit email address or GitHub’s noreply-email-address service, also enabling the option to block accidental command line pushes.
- 2-Factor-Authentication: Every GitHub user should have 2-Factor-Authentication enabled.
- Raise Awareness: it’s the duty of developers aware of this issue to inform their colleagues about it.
sed -i "s/$real_email/$github_email/" /opt/*/.git/config

Linkback protocols are an old breed. They were born at a time when MySpace, Wikipedia & WordPress had just been born, and Friendster was more popular than this new website called Facebook.
The latest linkback protocol, Webmention, is relatively recent though, as it became a W3C …
Almost a year ago, GitHub introduced security alerts. They are an awesome feature.
They function as notifications you receive whenever a vulnerability affects one of your project dependencies.
But long after receiving a notification, how do you list all security alerts affecting your repositories?
I didn't find an out-of-the-box solution …
Consider the following Python expression:
print("".join(set("ABCDE")))
What do you think it produces?
Not necessarily "ABCDE". Right, but you would expect the result to be consistent, wouldn't you?
$ for i in {1..3}; do python2.7 -c 'print("".join(set("ABCDE")))'; done
ACBED
ACBED
ACBED
Great!
...
But with …
Just relaying the information about this "ShellShock" vulnerability:
This seems to affect Apache, sshd, DHCP clients and even potentially git.
TL;DR: here is how to check your Bash version:
env x='() { echo Never called; }; echo YOUR BASH IS VULNERABLE …