GitHub Search Update Exposes Security Vulnerabilities

Monday Jan 28th 2013 by Developer.com Staff
Share:

Many users were inadvertently publishing their private encryption keys.

On Tuesday, the popular code hosting service GitHub updated its search capabilities. By Thursday, developers had discovered that those new search capabilities were turning up private information that was publicly available through GitHub. In many cases, that information included private encryption keys for GitHub projects. Armed with those keys, hackers could potentially access and make changes to the code for various projects.

Security experts are warning GitHub users to make sure they don't accidentally include their private files when they upload code to GitHub. But some are calling for GitHub to take stronger measures to ensure this sort of thing doesn't happen. One security researcher tweeted, "When one person pushes their private key to GitHub, it's an idiot problem. When a hundred people do, it's not about idiot users anymore."

View article

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved