Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) 60
A member of Adobe's Product Security Incident Response Team (PSIRT) accidentally posted the PGP keys for PSIRT's email account -- both the public and the private keys. According to Ars Technica, "the keys have since been taken down, and a new public key has been posted in its stead." From the report: The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen. Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account. To be fair to Adobe, PGP security is harder than it should be. What obviously happened is that a PSIRT team member exported a text file from PSIRT's shared webmail account using Mailvelope, the Chrome and Firefox browser extension, to add to the team's blog. But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file. Then, without realizing the error, the text file was cut/pasted directly to Adobe's PSIRT blog.
another flash in the brain-pan? (Score:1)
And the hits just keep on coming from our A-list blisters
The team that brought us Flash, to inspire full employment for browser designers, to keep them busy writing disability check boxes.
Oh, so NOW it's going away? After all the breaches, hacks, and violations?
Took their sweet time owning up to the horridity.
Still, better Nate than Clever.
Impossible! (Score:5, Funny)
Revocation (Score:2)
Re: (Score:2)
Of course - You can revoke it as well. Everybody that holds both the private and the public parts can issue a revocation certificate!
(and somebody has... Lets assume it was Adobe!)
Re: (Score:3)
Yes, but even then, people can decrypt emails previous send to Adobe, right?
How the hell?!?!? (Score:2)
Re:How the hell?!?!? (Score:4, Informative)
How the hell did their PGP key even end up on their webserver?!?!?
The summary was all of 7 sentences; 3 of them were dedicated to the answer to this very question.
Re: (Score:2)
In the Near Future ... (Score:2)
We will stop seeing these kinds of articles, since it is a daily occurrence, and just assume someone somewhere was hacked in a major data breach.
Re: (Score:3)
At some point I hope there will be major fines against companies that got hacked in a preventable way. And also hopefully more effort to track down the hackers who do the harm and give them 1 volt shock for every mega byte they had stolen.
Re: (Score:2)
give them 1 volt shock for every mega byte they had stolen.
I agree with your sentiment, but you've got the wrong idea which is bad for making laws. Even the dictionary only hints at it -- take (another person's property) without permission or legal right and without intending to return it.
Now they don't intend to return it, but that's because it hasn't gone anywhere. The bits are still located exactly where they're supposed to be.
"Return it" indicates a uniqueness, to wit a physical item that the owner is deprived of and needs for it to be returned to make t
There is no security so long as... (Score:2)
Re: (Score:1)
"PGP security is harder than it should be." (Score:2)
That's a key point and a key contributor to Internet insecurity. One could argue that, to make it 'perfect', the designers of PKI have made it unusable by the average user. And the OS vendors (Microsoft, Apple and Linux community) have not helped. Nor have the purveyors of PKI credentials, again to make trust "absolute", the cost and 'annoyance overhead' makes getting your own key too difficult for anyone short of a fully qualified IT department with PKI expertise.
Re: (Score:2)
Basic, yes, but not easy. The whole terminology is quite obscure, starting with "public and private key". Only the private key is a key in the usual sense of the word, in that it opens things. The public key is more like a container or envelop, and should have never been called key. And PGP suffers from a complete lack of usability design throughout.
Arguably the expected usability cannot be achieved in a decentralised serverless system.
Re:"PGP security is harder than it should be." (Score:4, Insightful)
Actually, it is not. Just as with the functioning of a house-key, there is a minimal understanding that is required for public-key crypto, or security will not be provided. Yes, that means many people cannot have secure encryption. That is just the way things are. Wishing things to be different does not change them.
Re: (Score:2)
The "computers are easy" statements come from marketing. They have no basis in reality. We all spend several years learning how to read and write. My estimate is that about the same amount of learning and time is needed to use computers competently. Most people are unwilling to spend that time and will stay on low amateur level. Eventually, it will have to become a major subject in school, because the cost of not doing that is just far too high. At the moment tings are still moving too fast for that though.
Re: (Score:2)
I did not claim things were moving "forward". It is more like "moving in spirals" (with circles you would at least get back to a sane state one in a while). I pretty much agree with you.
The problem is that each new "OS" needs a different UI, each new phone needs one, etc. for marketing purposes to give the appearance of "new" and trigger an unwarranted association of "better". Until that quiets down, it does not make much sense teaching this in school, as people will associate UI elements with actual functi
UI failure (Score:4, Insightful)
As much as I hate Adobe and most of their shitware, I don't think it's fair to totally fault the poor person who did this.
But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file.
If a mistake of this magnitude is a single misclick away from happening - something that's really easy to do in a moment's careless mistake of the type EVERYONE has - something is broken with that UI.
There should be warnings in red you have to override with an explicit and nontrivial action.
Re: (Score:2)
There shouldn't even be UI for such a risky action. If you need the private key, you should have to hunt for the file on the hard drive, double-click it, and open it in a text editor. Doing the right thing should be easy, and doing the wrong thing should be hard.
Re: (Score:2)
Actually, if the private key is protected by a good passphrase, this operation is not risky at all.
Re: (Score:2)
If by "not risky", you mean "able to survive local brute-forcing by a massive botnet", then you have more faith in passphrases—even good passphrases—than I do.
Re: (Score:2)
No, I just do understand how this works.
Re: (Score:2)
Son, your understanding is laughed at by todays technology.
Re: (Score:2)
I find it fascinating how anybody that does not have a solid grounding in crypto feels competent to comment on what crypto can do and what it cannot do. Of course, the statements made by such people are routinely wayyyyy off. That is one reason why people like me charge a high consulting fee when making such statements professionally, because it makes it more likely that the customer (who does not understand what is going on, just like you) actually listens.
Re: (Score:2)
The funny thing is that I've implemented crypto algorithms. I'm intimately familiar with what they can and can't do. The largest botnet to date was a couple of million devices. Within five years, we'll likely have at least one that crests the ten-million-device mark. Depending on the speed of those devices (and whether they have hardware-assisted crypto support), that could easily mean on the order of a trillion cracking attempts per second or more.
Assuming a passphrase contains only the 95 printable A
Not a pattern (Score:2)
Adobe has such a long history of putting security first and demonstrating security best practices! How could this sort of thing happen? Or is it because a typical Adobe employee doesn't know the difference between private key and a hole in the ground.
With or without good passphrase protection? (Score:3)
Because if a good passphrase is used, then this is a complete non-issue.
Re: (Score:2)
My passphrase SUPPOSEDLY would take a few billion years to crack.
It took less than 20 minutes for a server farm to crack my password.
Try again when you aren't 30 years behind the times in terms of technology.
Re: (Score:2)
Indeed. The other question is what the substance of the "billion year" estimate actually was. This estimate was likely faulty, which is easy to do when you have no clue how things work. For example, estimate the passphrase at 1.5bit/char of entropy, get, say, 150 bit, but then hash it down to 64 bit. That makes attacking the hash directly a lot easier. Or do one of the cardinal sins and use a phrase that is publicly known, like a citation form a book.
"20 minutes on a server farm" does sound a lot like someb
Re: (Score:2)
Password crackers have gotten a lot smarter the past few years. Forcing use of numbers, upper case, and symbols doesn't actually increase the search space all that much anymore if you have humans generating passwords (i.e., it's not random line noise).
A modern password cracker will take a dictionary word, then apply common transformations to it to generate a test. "password" will then
Re: (Score:2)
The security of your "passphrase" is pretty irrelevant when attacking your "password". Are you sure you do understand what happened there?
Re: (Score:2)
If the key is old enough, and if it were properly encrypted, that private key was encrypted using IDEA. Arguably it would still be secure with negligible risk according to https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm#Security [wikipedia.org]
Re: (Score:2)
IDEA is not supported by modern PGP implementations anymore, AFAIK. Maybe some commercial ones still do it though.
Re: (Score:2)
gpg --version
gpg (GnuPG) 1.4.22
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SH
Re: (Score:2)
I see. So they put it back in. The patent has probably expired by now. Using it is not a good idea though.
Poof (Score:4, Insightful)
And just like that, all email ever encrypted with that key is subject to decryption.
No! (Score:2)
gpg is not that hard, the true is that mailvelop is shit ... export public key is a common task... exporting the private key do not, so it should be in a totally different place with a proper warning
also google, yahoo, ms, etc should include support for gpg in their webmail ... gpg looks hard because most tools do not support it. integrate then and things will be easier
Re: (Score:2)
also google, yahoo, ms, etc should include support for gpg in their webmail ..
You can already use gpg with webmail if you use a proper mail client over IMAP. I've done it for years.
Re: (Score:2)
that is what i do.. but most people that uses gmail and friends only use the webmail or in worst case, the phone app ... neither have gpg support
Re: (Score:2)
It is even possible to use Pgp on your phone. I use Gmail IMAP via k9 mail with openpgp.