Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. my job?

my job?

Scheduled Pinned Locked Moved Uncategorized
4 Posts 2 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • yossarian@infosec.exchangeY This user is from outside of this forum
    yossarian@infosec.exchangeY This user is from outside of this forum
    yossarian@infosec.exchange
    wrote last edited by
    #1

    my job? wasting an absolutely ungodly amount of GitHub's free compute

    Link Preview Image
    yossarian@infosec.exchangeY 1 Reply Last reply
    0
    • yossarian@infosec.exchangeY yossarian@infosec.exchange

      my job? wasting an absolutely ungodly amount of GitHub's free compute

      Link Preview Image
      yossarian@infosec.exchangeY This user is from outside of this forum
      yossarian@infosec.exchangeY This user is from outside of this forum
      yossarian@infosec.exchange
      wrote last edited by
      #2

      my list got cut off

      Link Preview Image
      caspicat@infosec.exchangeC 1 Reply Last reply
      0
      • yossarian@infosec.exchangeY yossarian@infosec.exchange

        my list got cut off

        Link Preview Image
        caspicat@infosec.exchangeC This user is from outside of this forum
        caspicat@infosec.exchangeC This user is from outside of this forum
        caspicat@infosec.exchange
        wrote last edited by
        #3

        @yossarian btw have you seen this? Old news, but not sure if this was widely discussed. TL;DR You can't trust GitHub runner images

        https://www.stepsecurity.io/blog/how-stepsecurity-harden-runner-detected-unexpected-microsoft-defender-installation-on-github-hosted-ubuntu-runners

        No SBOMs released for affected images during that window
        https://github.com/actions/runner-images/releases

        yossarian@infosec.exchangeY 1 Reply Last reply
        0
        • caspicat@infosec.exchangeC caspicat@infosec.exchange

          @yossarian btw have you seen this? Old news, but not sure if this was widely discussed. TL;DR You can't trust GitHub runner images

          https://www.stepsecurity.io/blog/how-stepsecurity-harden-runner-detected-unexpected-microsoft-defender-installation-on-github-hosted-ubuntu-runners

          No SBOMs released for affected images during that window
          https://github.com/actions/runner-images/releases

          yossarian@infosec.exchangeY This user is from outside of this forum
          yossarian@infosec.exchangeY This user is from outside of this forum
          yossarian@infosec.exchange
          wrote last edited by
          #4

          @caspicat I actually hadn't seen this, but I'm not sure how it makes GH's own runners untrustworthy? it's definitely a (bad) operational error, but AFAICT it doesn't change the platform's security posture significantly

          1 Reply Last reply
          1
          0
          • R relay@relay.infosec.exchange shared this topic
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes

          • Login
          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • World
          • Users
          • Groups