Github Search Exposes Passwords
From the 'If you leave the keys out in the open it's your own fault' files:
Github rolled out a new search tool today making it easier to not just discover new projects, but code within projects. Think Google Code search (when it was alive, but better).
So the TL;dr version is – awesome power. But as Spiderman taught me a long time ago, with great power comes great responsibility. My friend and all around beacon of bodacious knowledge Carla Schroder (@CarlaSchroder) pointed out to me that there is no shortage of embedded private SSH keys and passwords that can easily be found. This is a problem that a few people have now noticed and a simple search can easily pull up more results than I care to count.
- Thu, 2013-11-21 00:45
- Tue, 2012-03-06 01:19
- Mon, 2012-03-05 09:38