Security issue with Github links

[cookpa]

As reported by bleepingcomputer.com, malicious actors have been uploading files via the Github comments function, which generate URLs that appear to be from a particular repository, but in fact have nothing to do with the repository or its maintainers.

When a file is drag/dropped into Github, a unique URL is generated of the form

https://www.github.com/{project_user}/{repo_name}/files/{file_id}/{file_name}

eg, for ANTs, anyone can make a file of the form

https://www.github.com/ANTsX/ANTs/files/{file_id}/{file_name}

for images and videos, files is replaced by assets. Repository admins have no control over this, the comments don't even need to be posted.

While ANTs is probably unlikely to be targeted, I just want to let everyone know to be wary of deep links from Github in general. The safest way to download ANTs binaries is to navigate to the releases page and then get the download you need from there.