TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

50% Positive

Analyzed from 504 words in the discussion.

Trending Topics

#cisa#pattern#consistent#data#sort#more#agency#using#repository#project

Discussion (12 Comments)Read Original on HackerNews

m3047•about 6 hours ago
CISA said “there is no indication that any sensitive data was compromised as a result of the incident.”

Oh wow. Except for those secrets.

InsideOutSanta•about 2 hours ago
Except for all the leaked data, absolutely no data was leaked.
0xbadcafebee•42 minutes ago
> CISA, which lost more than a third of it workforce and almost all of its senior leaders after the Trump administration forced a series of early retirements, buyouts, and resignations across the agency’s various divisions
niwtsol•about 3 hours ago
What an egregious mistake. "exhibits a pattern consistent with an individual operator using the repository as a working scratchpad or synchronization mechanism rather than a curated project repository" - isn't is git 101 to not put creds in git? What pattern do they think this is consistent with?
apnorton•about 2 hours ago
They're not defending it as an established workflow pattern or some kind of best practice.

The usage of "exhibit a pattern consistent with..." is just describing what it looks like the repository was used for. i.e. it's not a set of government sourcecode for an internal project, it's not something indicative of intentionally leaking large amounts of data, etc.

nkrisc•about 1 hour ago
> What pattern do they think this is consistent with?

They clearly stated what pattern this usage is consistent with: using it as a sort of personal scratch pad.

You’re assigning more meaning to the statement than there is. They are simply stating an observation.

irishcoffee•21 minutes ago
If I had a dollar for the amount of secrets committed to public repositories I could probably retire. No, that isn’t an excuse. Pretending the US govt isn’t made up of people just like you or I is quite silly.
Cider9986•about 2 hours ago
Maybe Massie was right when he didn't want to fund CISA.
water-data-dude•about 1 hour ago
Maybe this is what happens when you fill roles based on loyalty to one person rather than competence
0x59•about 2 hours ago
Reminds me of the enshittification of public transit. Reduce funding, service level decreases, negative sentiment follows.

Eventually, paths like that may lead to increased privatization through security contractors.

fragmede•about 3 hours ago
> “Ultimately, this is a thing you can’t solve with a technical control,” Boileau said on this week’s podcast. “This is a human problem where you’ve hired a contractor to do this work and they have decided of their own volition to use GitHub to synchronize content from a work machine to a home machine. I don’t know what technical controls you could put in place given that this is being done presumably outside of anything CISA managed or even had visibility on.”

More competent technical control means a random contractor doesn't have passwords from mid-2025 to copy to their home machine that even still work after 30 days, if not 5.

xoa•about 2 hours ago
This. In fact I thought the government had long since gotten pretty serious about using smartcards and HSMs for everything? Why let anyone take any sort of accessible credential at all vs handing out hardware they can use but that cannot have the credentials taken off? At some organizations the extra cost would be a concern of course but that wouldn't be the case here.

Or maybe that'd have been the sort of project and standard CISA would have formerly done before the Republicans gutted it last year I guess, and this is just another symptom of rot? But yeah to your point technology certainly can absolutely help with this sort of thing. It's not some inevitable act of nature.

imglorp•about 2 hours ago
It's almost like gutting the agency of experts diminishes their opsec capacity among many others.

In 2020 Chris Krebs contradicted stolen election claims. In 2025, Trump sacked Krebs and revoked his clearance, leaving CISA without a director. https://en.wikipedia.org/wiki/Chris_Krebs

In March 2025, the cuts began. https://techcrunch.com/2025/03/11/doge-axes-cisa-red-team-st...

In 2026, it was still without a director and running on fumes. https://techcrunch.com/2026/02/25/us-cybersecurity-agency-ci...

This activity is consistent with intentionally weakening a country's defenses from within and sowing chaos.

wnevets•about 2 hours ago
If a foreign adversary was in charge would we know the difference?