Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 17-Apr-2022 02:14:48 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
- GeniusMusing
Oh sh*t.

The one good thing is that they can revoke the OAuth tokens and immediately stop the cybercriminals' access to more data. The data that has already been exfiltrated can't be pulled back, however.

In conversation Sunday, 17-Apr-2022 02:14:48 UTC from nu.federati.net permalink
- LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 17-Apr-2022 03:50:36 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
  in reply to
  
  I can understand if they somehow obtained one account's OAuth token(s), but multiple? Is the vulnerability in Heroku and Travis-CI, or is it in GitHub itself?
  
  Or were those organizations just careless about the equivalent of a randomly generated very long per-app password?
  
  In conversation Sunday, 17-Apr-2022 03:50:36 UTC permalink
- LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 17-Apr-2022 13:14:55 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
  - GeniusMusing
  #TIL: #Salesforce owns #Heroku https://techcrunch.com/2010/12/08/breaking-salesforce-buys-heroku-for-212-million-in-cash/
  In conversation Sunday, 17-Apr-2022 13:14:55 UTC permalink
  Attachments
  1. Salesforce.com Buys Heroku For $212 Million In Cash
    
    from Robin Wauters
    
    Salesforce.com has just announced that it is acquiring Heroku, which provides a Ruby application platform-as-a-service, for approximately $212 million in cash. That's one hell of an exit for the startup, which was founded in 2007 and has raised only $13 million in funding.

Public

Conversation

Notices

Feeds