Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
downrightmike
8 months ago
|
parent
|
context
|
favorite
| on:
Ruby Central's Attack on RubyGems [pdf]
The NPM breach was an email that stated the dev needed to update their MFA by the next day in order to keep their access.
If you're arguing that is what ruby central should have done, that's a social engineering attack.
mrinterweb
8 months ago
|
next
[–]
How would a heads up email look like a phishing email? Blindsiding the maintainers like this is just cruel.
loloquwowndueo
8 months ago
|
prev
[–]
It’s entirely possible to distinguish between legit internal communication and a phishing email. (It gets harder and harder every day but ultimately still possible)
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
If you're arguing that is what ruby central should have done, that's a social engineering attack.