Updated: GitHub users have been caught out storing keys and passwords in public repositories.
Search links popped up throughout Twitter today pointing to stored keys, including what were reportedly credentials for the Google Chrome source code repository, Chromium.
Scores of other credentials were exposed, some representing serious security blunders.
Okay, someone has found a profoundly dangerous example of a password unwittingly stored to @github. This problem needs addressing ASAP. — Melissa (@0xabad1dea) January 24, 2013
While the keys are no longer searchable via GitHub due to technical problems, they remain exposed through normal internet search queries. There are also no mechanisms to prevent users from uploading keys, a point which some security boffins say GitHub should implement.
.@0xabad1dea it would be responsible for @github to alert on checkin. Crippling their search won't do squat. — Dan Guido (@dguido) January 25, 2013
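A check-in alert of the kind called for above can also run on the committer's side. The following is an added example, not code from GitHub or from the article: it scans only the added lines of a unified diff for private-key headers, quoted password literals and key-like filenames. The rule patterns, the sample diff and the idea of feeding it `git diff --cached` from a pre-commit hook are all assumptions.

```python
import re
import sys

# Assumed rules: the article names only "keys and passwords", so these patterns are illustrative.
RULES = [
    ("private-key", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("password-literal", re.compile(r"""(?i)(?:password|passwd|pwd|secret)\w*\s*[:=]\s*["'][^"']{6,}["']""")),
]
KEY_FILE = re.compile(r"(?:^|/)id_(?:rsa|dsa|ecdsa|ed25519)$|\.(?:pem|ppk)$")
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample diff (no real credentials or key material).
SAMPLE_DIFF = """\
--- a/deploy/settings.py
+++ b/deploy/settings.py
@@ -3,2 +3,2 @@
 HOST = 'db.example.test'
-DB_PASSWORD = os.environ['DB_PASSWORD']
+DB_PASSWORD = 'constructed-sample-pw'
--- /dev/null
+++ b/keys/id_rsa
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
"""

def scan_diff(diff_text):
    """Return (path, new_line_number, rule) for secrets on added lines of a unified diff."""
    findings, path, lineno, old_left, new_left = [], None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:  # inside a hunk body, per the @@ line counts
            if line.startswith("+"):
                findings += [(path, lineno, name) for name, rx in RULES if rx.search(line[1:])]
                lineno, new_left = lineno + 1, new_left - 1
            elif line.startswith("-"):  # removed lines are not being checked in
                old_left -= 1
            elif not line.startswith("\\"):  # context line (skip "\ No newline" markers)
                lineno, old_left, new_left = lineno + 1, old_left - 1, new_left - 1
        elif line.startswith("+++ "):  # file header: remember the path being written
            path = line[4:].removeprefix("b/")
            if KEY_FILE.search(path):
                findings.append((path, 0, "key-filename"))  # line 0 = the file as a whole
        elif m := HUNK.match(line):  # an omitted count in "@@ -a +c @@" means 1
            old_left, lineno, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)
    return findings

if __name__ == "__main__":  # assumed hook usage: git diff --cached | python3 this_script.py
    hits = scan_diff(sys.stdin.read())
    sys.exit("\n".join(f"{p}:{n}: {r}" for p, n, r in hits) or 0)  # a message exits with status 1
```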
Copyright © SC Magazine, Australia