FreshRSS

๐Ÿ”’
โŒ About FreshRSS
โ˜ท
โ–ณ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

The time has come: GitHub expands 2FA requirement rollout March 13

By: Samuel Axon
A GitHub-made image accompanying all the company's communications about 2FA.

Enlarge / A GitHub-made image accompanying all the company's communications about 2FA. (credit: GitHub)

Software development tool GitHub will require more accounts to enable two-factor authentication (2FA) starting on March 13. That mandate will extend to all developers who contribute code on GitHub.com by the end of 2023.

GitHub announced its plan to roll out a 2FA requirement in a blog post last May. At that time, the company's chief security officer said that it was making the move because GitHub (which is used by millions of software developers around the world across myriad industries) is a vital part of the software supply chain. Said supply chain has been subject to several attacks in recent years and months, and 2FA is a strong defense against social engineering and other particularly common methods of attack.

When that blog post was written, GitHub revealed that only around 16.5 percent of active GitHub users used 2FAโ€”far lower than you'd expect from technologists who ought to know the value of it.

Read 6 remaining paragraphs | Comments

This weekโ€™s Reddit breach shows companyโ€™s security is (still) woefully inadequate

By: Dan Goodin
This weekโ€™s Reddit breach shows companyโ€™s security is (still) woefully inadequate

Enlarge (credit: Getty Images)

Popular discussion website Reddit proved this week that its security still isnโ€™t up to snuff when it disclosed yet another security breach that was the result of an attack that successfully phished an employeeโ€™s login credentials.

In a post published Thursday, Reddit Chief Technical Officer Chris "KeyserSosa" Slowe said that after the breach of the employee account, the attacker accessed source code, internal documents, internal dashboards, business systems, and contact details for hundreds of Reddit employees. An investigation into the breach over the past few days, Slowe said, hasnโ€™t turned up any evidence that the companyโ€™s primary production systems or that user password data was accessed.

โ€œOn late (PST) February 5, 2023, we became aware of a sophisticated phishing campaign that targeted Reddit employees,โ€ Slowe wrote. โ€œAs in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.โ€

Read 14 remaining paragraphs | Comments

โŒ