So, cloning a malicious repository on GitHub Codespaces using GitHub CLI will always leak the access token to the attacker’s hosts.

baha

Kas turbūt su lietuviškaisiais incidentais labiausiai ir erzina… normalus postmortemas būtų naudingas visiems. O “viskas gerai, sutvarkėm” - tik subinės dangstymas lapais :(

Blemba, kuičiau BGP istoriją, tai lyg ir nieko įdomesnio, kaip kažkoks dingęs subnetas, nesugebėjau rasti.

What about 38C3 this year? :}

Excerpt on impact:

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It’s also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server.

yay, signed patches