For git folks

Mark Wieder ahsoftware at
Sun May 5 00:09:13 EDT 2019

On 5/4/19 7:09 PM, J. Landman Gay via use-livecode wrote:
> No idea how prevalent this is:
> Mystery Git ransomware appears to blank commits, demands Bitcoin to 
> rescue code • The Register

It affects github, gitlab, bitbucket, etc, and seems to stem from some 
folks storing their login passwords in .git/config, which is a really 
really really stupid thing to do. And you have to go out of your way to 
do it.

Fortunately the "hack" just involves adding a new commit to the top of 
the stack, so there are some easy ways to recover. The ransom demand 
isn't so much a threat to keep code hidden but to make the "stolen" code 
public, which would really only affect private repositories.


And people store some interesting things in git repos. A few years ago 
at work I found our AWS credentials in cleartext in a repo. A private 
repo, but even so we had to wipe them from the repo, force push the new 
repo to github, and create new credentials as environment variables.

  Mark Wieder
  ahsoftware at

More information about the use-livecode mailing list