As a security enthusiast, I'm fascinated by articles like these. It seems you can access all commits from all forks, even if the fork is already deleted, just by knowing (or guessing) the SHA1 hash of the commit. But seriously, who is going to guess the full SHA1 of a deleted commit? No worries, you just have to guess the last 4 (!!!) characters, because GitHub wants to make it easy, so you can also use the last (at least 4) characters of the commit hash to reference code. GitHub's response: "This is by design, and is working as intended" #security #mvpbuzz
Software Supply Chain Red Team | DevSecOps Leader | Top 100 Australian Tech Innovators | PLG Startup Founder & Advisor | Snowboarder | @6mile
Ouch! GitHub forked repos are exposing sensitive data via deleted forks. Even worse, the boundary between private and public repos is not as secure as we think—great work from Joseph Leon, Dylan Ayrey, and the team at Truffle Security Co. https://lnkd.in/gD2x6iPh
Power Platform & Azure Architect - Changing the world one app at a time! Note: I'm happy as an independent! Dear recruiters: I'm open for contracts, not FTE roles! Want to connect? Write a note! Otherwise, follow me :-)
(4mo) Wait what??