Oddbean new post about | logout
4ff2e6be | 1 years ago (raw) | root | parent | reply | flag 
 @7c36db82 2/2

Yes, there is no proof or indication that anything happened to any GH repository yet. 👍 

However, in IT security, you don't rely on lucky guess. A compromised network is still a compromised network and needs to be restarted from a clean status.

It doesn't look like MS is going to setup major parts of their infrastructure to introduce trustworthy hosts again.

So where's the FUD in terms of reasoning?
5ab0ff62 | 1 years ago (raw) | root | parent | reply | flag 
 @033b744f 

> So where's the FUD in terms of reasoning?

> It *doesn't look like* MS is going to setup major parts of their infrastructure to introduce trustworthy hosts again.

I think you answered yourself very well.

In IT security, lucky guess are not primitives to build threat models. Hypotheses, assumptions, economics, politics, technical measures and careful analyses are.

What you are doing is just lucky guessing that MSFT didn't do any form of "reasonable" due diligence.