Posts by Ben Toews (@mastahyeti)

Soft U2F

In an effort to increase the adoption of FIDO U2F second factor authentication, we're releasing Soft U2F: a software-based U2F authenticator for macOS. We've long been interested in promoting better…

HTTPS for GitHub Pages

Millions of people rely on GitHub Pages to host their websites and millions more visit these websites every day. To better protect traffic to GitHub Pages sites, as well as…

Two years of bounties

Despite the best efforts of its writers, software has vulnerabilities, and GitHub is no exception. Finding, fixing, and learning from past bugs is a critical part of keeping our users…

LIKE injection

Looking through our exception tracker the other day, I ran across a notice from our slow-query logger that caught my eye. I saw a SELECT … WHERE … LIKE query…

Subresource Integrity

Like many sites, GitHub uses a content delivery network (CDN) to serve static assets such as JavaScript, CSS, and images to our users. The CDN makes web browsing faster by…

GitHub implements Subresource Integrity

With Subresource Integrity (SRI), using GitHub is safer than ever. SRI tells your browser to double check that our Content Delivery Network (CDN) is sending the right JavaScript and CSS…

Read-only deploy keys

You can now create deploy keys with read-only access. A deploy key is an SSH key that is stored on your server and grants access to a single GitHub repository.…

View Issue/Pull Request buttons for Gmail

If you're a Gmail user who gets GitHub notifications via email, you'll notice that we've added subject-line links to issues and pull requests on notification messages. You can use these…

Two-factor Authentication

Today we're adding two-factor authentication to GitHub. When you enable this feature, it adds an additional layer of security to your account. When logging in to GitHub, after providing your…

Introducing GitHub Sudo Mode

In the ongoing effort to keep our users safe, we recently took inspiration from the Unix sudo command. We wanted to require password confirmation for dangerous actions on GitHub.com, but…