Ars Technica: GitHub says hackers cloned code-signing certificates in breached repository. “GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom.”
Bellingcat: Octosuite: A New Tool to Conduct Open Source Investigations on GitHub. “Octosuite is an advanced GitHub framework written in Python that uses GitHub’s Public API to make the process of investigating accounts and repositories on the platform more efficient, while also creating a set of automated and easily reproducible queries.”
Bleeping Computer: Slack’s private GitHub code repositories stolen over holidays. “Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world.”
Bing Blog: Discover New Roads with Bing Maps. “The Microsoft Maps AI Team has detected 47.8M km of all roads and 1.16M km of missing roads from Open Street Maps (OSM). These new roads were detected using Bing Maps imagery collected between 2020 and 2022 including sources from both Maxar and Airbus. The complete set of roads is also shared on Github with the open data community and is freely available for download and use under the Open Data Commons Open Database License (ODbL).”
TechCrunch: GitHub brings free secret scanning to all public repos. “Every developer knows that it’s a bad idea to hardcode security credentials into source code. Yet it happens and when it does, the consequences can be dire. Until now, GitHub only made its secret scanning service available to paying enterprise users who paid for GitHub Advanced Security, but starting today, the Microsoft-owned company is making its secrets scanning service available for all public GitHub repos for free.”
Second Life Blog: Second Life on GitHub. “Linden Lab open-sourced Second Life’s client on January 8th, 2007. In the 15 years since, open source contributions have led to countless new features and bug fixes that have markedly improved the life of our virtual world. Without open source, SL would not be as vibrant, enduring and successful as it is today. As part of an effort to improve and modernize our tooling and better support the open source community, I’m happy to announce that Second Life’s source code is moving to GitHub, the world’s most popular version control hosting platform.”
Search Engine Journal: LinkedIn + GitHub Launch 40+ Free Courses. “LinkedIn is teaming up with GitHub to launch over 40 software development courses through LinkedIn Learning, all of which are free until March 2023. The courses combine educational videos from LinkedIn with GitHub Codespaces, and cover today’s most popular programming languages.” The courses are free until the end of February.
The New Stack: The Dropbox GitHub Data Breach. “In a recent breach, 130 private Dropbox GitHub repos were opened up and copied. Here’s what happened.”
Bleeping Computer: Thousands of GitHub repositories deliver fake PoC exploits with malware. “Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware. GitHub is one of the largest code hosting platforms, and researchers use it to publish PoC exploits to help the security community verify fixes for vulnerabilities or determine the impact and scope of a flaw.”
HackRead: Hackers can spoof commit metadata to create false GitHub repositories. “Checkmarx security researchers have warned about an emerging new supply chain attack tactic involving spoofed metadata commits to present malicious GitHub repositories as legit.”
TechXplore: Study finds toxicity in the open-source community varies from other internet forums. “A team of researchers from the Institute for Software Research (ISR) in Carnegie Mellon University’s School of Computer Science recently collaborated with colleagues at Wesleyan University to take a first pass at understanding toxicity on open-source platforms like GitHub.”
The Register: GitHub’s AI code assistant Copilot takes flight. And that’ll be $10 a month, please. “Microsoft’s GitHub on Tuesday released its Copilot AI programming assistance tool into the wild after a year-long free technical trial. And now that GitHub Copilot is generally available, developers will have to start paying for it. Or most of them will. Verified students and maintainers of popular open-source projects may continue using Copilot at no charge.”
MakeUseOf: The 8 Best Chrome Extensions to Improve Your GitHub Experience. “GitHub is the most-used platform for hosting and editing code. It’s easy to see why, given the features and ease of use it offers. However, despite a clean interface and a boatload of handy features, there’s room for improvement. Therefore, here, we’ll take a look at the eight best Chrome extensions that add new features to GitHub and improve the interface.”
MIT Technology Review: How censoring China’s open-source coders might backfire. “Many suspect the Chinese state has forced Gitee, the Chinese competitor to GitHub, to censor open-source code in a move developers worry could obstruct innovation.”
SecurityWeek: GitHub Announces Mandatory 2FA for Code Contributors. “Code hosting platform GitHub on Wednesday said it would make it mandatory for software developers to use at least one form of two-factor authentication (2FA) by the end of 2023.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.