So users can add other users' SSH keys (sourced from GitLab, ....) to their GitH... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		laurensr on Jan 9, 2023 \| parent \| context \| favorite \| on: ssh whoami.filippo.io So users can add other users' SSH keys (sourced from GitLab, ....) to their GitHub profile, essentially depriving the actual key owner from using GitHub

basilgohar on Jan 10, 2023 [–]

But then that opens them up to having their victim commit code to their repos directly, as well.

yencabulator on Jan 10, 2023 | [–]

Not a big deal for an attacker to create a dummy account.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact