HITB GSEC Singapore (August 21st - 25th)
Register Online Now!
Github Search Exposes Passwords
From the 'If you leave the keys out in the open it's your own fault' files:
Github rolled out a new search tool today making it easier to not just discover new projects, but code within projects. Think Google Code search (when it was alive, but better).
So the TL;dr version is – awesome power. But as Spiderman taught me a long time ago, with great power comes great responsibility. My friend and all around beacon of bodacious knowledge Carla Schroder (@CarlaSchroder) pointed out to me that there is no shortage of embedded private SSH keys and passwords that can easily be found. This is a problem that a few people have now noticed and a simple search can easily pull up more results than I care to count.