the commit logs in the offending GitHub account show that the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories.
This reads like exfiltration.
The fact that their other practices are so terrible introduces plausible deniability, I suppose. But it's only barely plausible IMO.
viraptor | 22 hours ago
Or plausible deniability? Making this public is one thing. But once you disable secrets protection on the repo as well...
hoistbypetard | 10 hours ago
That was my very first thought when I read
This reads like exfiltration.
The fact that their other practices are so terrible introduces plausible deniability, I suppose. But it's only barely plausible IMO.