Hello everybody, this is John Martinez and here's another episode of John Has Trust Issues where we talk about issues of Zero Trust and authorization in a few minutes.
Today I'm on location in beautiful London here at O2 for a conference on identity.
Today I am gonna be talking about the GitHub repo confusion issue that's happening that's affecting a lot of, uh, GitHub users these days for about a hundred thousand plus according to researchers over at ro.
And it's affecting PyPI, where a lot of seemingly regular, uh, GitHub repos that people use and, and fork and use for every day, uh, are infected with malware that reports things like credentials and other beautiful things that infects people and they take over your accounts and do all sorts of nasty things and continue the fork, the fork bombs, and propagate all of that malicious code.
So a couple of things that you can do to prevent this is definitely take a look at your GitHub authorization, your GitHub authentication, absolutely have at a minimum implement multifactor authentication, hardware device tokens, et cetera, so that you can shore up your credentials and not be susceptible to this attack.
And definitely be careful of which repos that you fork, which repos that you include in your software supply chain and take care of that.
So again, thank you everybody.
This episode is brought to you by StrongDM and again, from location in London, that's another issue of John Has Trust Issues.
Thank you very much.