
If you DDOS GitHub as a whole, how does that call attention to the one project a bad guy has trojaned?

If the project has mostly "commercial" developers then chances are they work on it during the week. DDOS GitHub during the week and let off for the weekend. That gives a few days' worth for your trojan to be downloaded by the unsuspecting. People will also have tired of hearing about the "github news" so new news about trojaning will take a little longer to disperse.

That's completely unnecessary and potentially risky for the attacker. Your theory is not based in reality. DOES NOT MAKE SENSE.

But... what commercial projects can possibly be on GitHub that are worth this trouble? Facebook's C++ compiler? ....

If there is such a commercial product, it would have been self-hosted. Not GitHub.

Here are some random ones off the top of my head. I'm happy to accept that you can't think of any value of these to bad guys, but the bad guys are not limited by your or my imagination.

MongoDB and all the drivers https://github.com/mongodb

Mixpanel analytics libraries https://github.com/mixpanel

Sencha Javascript libraries https://github.com/senchalabs

Yahoo YUI and various other JS related gunk https://github.com/yahoo

Shopify ecommerce libraries https://github.com/Shopify

Engine Yard tools & utils https://github.com/engineyard
