February 29, 2024 archive

The Github Malware Attack – and the Importance of Trusting the Repository You Use

There’s a terrible attack happening against Github right now where attackers are forking legitimate repositories and injecting malware – and then hoping unsuspecting users will download code from the attacker’s repo instead of the original. A researcher estimates this is happening to about 100,000 repos on Github.

As Dan Goodin writes at Ars Technica:

The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories, meaning the source code is copied so developers can use it in an independent project that builds on the original one. The result is millions of forks with names identical to the original one that add a payload that’s wrapped under seven layers of obfuscation. To make matters worse, some people, unaware of the malice of these imitators, are forking the forks, which adds to the flood.

His article continues in great detail about how the attack works and the dangers involved. He also notes how Github is fighting back against this and removing malware repos … but the scale of the attack makes this hard.

A key point to me is that you should only download and execute code from repositories you trust.

This is kind of a 🤦‍♂️ statement, but it’s so easy to just search for code, find a repo, and use the code.

We all need to take the extra moment and figure out: is this repo a fork of another repo? And if so… why? There are perfectly legitimate reasons to fork a repo. Perhaps someone wants to improve the code or offer a new feature in a way the original developer didn’t want to.

But, as this attack shows, there are also malicious reasons for forking a repo.

We need to be sure we trust the source – which may mean doing the detective work to trace back and see if this is the original repo.
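One way to do that detective work, as an added example that is not part of the original post: the GitHub REST API's repository endpoint returns `fork`, `parent` and `source` fields (real API fields) that identify the direct upstream and the root of a fork chain. The script below summarises that chain and flags the signals the attack above relies on; the sample payload and repository names are constructed placeholders.

```python
"""Trace a GitHub repository back to the original it was forked from.

GET https://api.github.com/repos/{owner}/{repo} returns JSON with 'fork'
(bool), 'parent' (direct upstream) and 'source' (root of the fork chain).
"""
import json
import urllib.request


def fetch_repo(owner: str, repo: str, token: str = "") -> dict:
    """Fetch repository metadata from the GitHub REST API (needs network)."""
    headers = {"Accept": "application/vnd.github+json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    url = f"https://api.github.com/repos/{owner}/{repo}"
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=10) as resp:
        return json.load(resp)


def trace_origin(meta: dict) -> dict:
    """Summarise the fork chain and list the signals worth a second look."""
    root = meta.get("source") or meta.get("parent") or meta  # non-fork: itself
    warnings = []
    if meta.get("fork"):
        parent = meta["parent"]
        warnings.append(f"fork of {root['full_name']} (direct parent: {parent['full_name']})")
        if meta["name"] == root["name"]:
            warnings.append("same repo name as the original: easy to confuse in search results")
        if (meta.get("stargazers_count") or 0) * 20 < (root.get("stargazers_count") or 0):
            warnings.append("far fewer stars than the original")
        if parent["full_name"] != root["full_name"]:
            warnings.append("fork of a fork: review the whole chain, not just the parent")
    return {"repo": meta["full_name"], "is_fork": bool(meta.get("fork")),
            "original": root["full_name"], "warnings": warnings}


# Constructed sample in the API's shape; these owners and repos are placeholders.
SAMPLE = {
    "name": "widget", "full_name": "example-user/widget", "fork": True,
    "stargazers_count": 0,
    "parent": {"name": "widget", "full_name": "other-user/widget", "stargazers_count": 1},
    "source": {"name": "widget", "full_name": "upstream-org/widget", "stargazers_count": 4200},
}

if __name__ == "__main__":
    report = trace_origin(SAMPLE)  # swap in fetch_repo("owner", "repo") for a live check
    for note in report["warnings"]:
        print("!", note)
    print(f"{report['repo']} -> original: {report['original']}")
```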

I wish the folks at Github all the best in combatting this attack. The ability to easily fork repos is such a key part of Github and the collaborative development of code. It’s unfortunate that it is being abused in this way. 🙁

New Excellent Analysis of Where IPv6 Grew in 2023

Where did IPv6 grow in 2023? Where did it not? What countries led on IPv6 deployment?

Recently a colleague of mine at the Internet Society, Robbie Mitchell, laid all this out in a long post titled “Governments and Industry Driving IPv6 in 2023”. With data and many charts he walks through where IPv6 deployment is improving and where more work is needed.

I found it fascinating to see how much the Asia-Pacific region is growing, while here where I live in the USA the growth was minuscule (1.7%), particularly since historically the ISPs in the USA have been strong drivers of IPv6 growth.

I’ll note that if you want to track IPv6 growth, the Internet Society’s Pulse platform has a page about technologies at: https://pulse.internetsociety.org/technologies – on that page you can see data and maps that show IPv6 deployment (as well as for other technologies).