Forgot your password?
typodupeerror
Encryption Security IT

Github Kills Search After Hundreds of Private Keys Exposed 176

Posted by Soulskill
from the take-care-what-you-make-public dept.
mask.of.sanity writes "Github has killed its search function to safeguard users who were caught out storing keys and passwords in public repositories. 'Users found that quite a large number of users who had added private keys to their repositories and then pushed the files up to GitHub. Searching on id_rsa, a file which contains the private key for SSH logins, returned over 600 results. Projects had live configuration files from cloud services such as Amazon Web Services and Azure with the encryption keys still included. Configuration and private key files are intended to be kept secret, since if it falls into wrong hands, that person can impersonate the user (or at least, the user's machine) and easily connect to that remote machine.' Search links popped up throughout Twitter pointing to stored keys, including what was reportedly account credentials for the Google Chrome source code repository. The keys can still be found using search engines, so check your repos."
This discussion has been archived. No new comments can be posted.

Github Kills Search After Hundreds of Private Keys Exposed

Comments Filter:
  • At least... (Score:5, Funny)

    by Anonymous Coward on Friday January 25, 2013 @09:52AM (#42689973)

    they've been seen by 'many eye balls'.

    That's good right?

  • by robmv (855035) on Friday January 25, 2013 @10:16AM (#42690183)

    Stop, Google will shutdown search because of that

  • by ArsenneLupin (766289) on Friday January 25, 2013 @10:21AM (#42690227)
    But on the other hand, you certainly wouldn't object to any gals exposing their pubic "locks [github.com]"...
  • by 140Mandak262Jamuna (970587) on Friday January 25, 2013 @10:25AM (#42690275) Journal
    Back in the days when I was the root (of all evil according my fellow grad students) of our lab, one of the constant problems was people blindly doing chmod 777 .* on the $home. They have .emacs or .profile or .cshrc that was customized ages ago by some grad student, and they want to share it with a new student. Somehow they stumbled on to "chmod 777 .*" as a solution to all their file sharing problems. Now this "magic command" was also being blindly passed around without worrying about security implications. Oh, yeah, they think they are clever and tape the login credentials to the underside of the keyboard and laugh at secretaries who tape it to their monitors.

    Looks like these grad students have all growned up and uploading it all to the cloud.

  • by WankersRevenge (452399) on Friday January 25, 2013 @11:10AM (#42690775)

    Yeah ... I was "that guy". The first time I installed Linux in 2000, I was annoyed that I needed "permission" to write to a directory outside of my home directory. I was coming from a Windows world, after all.

    I solved this "problem" by chmod 777 the entire filesystem. Hah. Problem solved. Needless to say, I couldn't start the machine back up again. I'm guessing it killed itself from the shear embarrassment. After that, I decided it may be in my best interest to read the manual.

    I'll do that one of these days :)

The sooner you fall behind, the more time you have to catch up.

Working...