|
|
|
|
|
|
by zigara
2622 days ago
|
|
|
The attacker seems to have responded: https://github.com/matrix-org/matrix.org/issues/357
edit: just saw the rest: https://github.com/matrix-org/matrix.org/issues?utf8=%E2%9C%... "[SECURITY] SSH Agent Forwarding I noticed in your blog post that you were talking about doing a postmortem and steps you need to take. As someone who is intimately familiar with your entire infrastructure, I thought I could help you out. Complete compromise could have been avoided if developers were prohibited from using ForwardAgent yes or not using -A in their SSH commands. The flaws with agent forwarding are well documented." |
|
|