Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All

Security researcher Bill Demirkapi unveiled a massive trove of leaked developer secrets and website vulnerabilities at the Defcon conference in Las Vegas. Using unconventional data sources, Demirkapi identified over 15,000 exposed secrets, including credentials for Nebraska's Supreme Court IT systems and Stanford University's Slack channels.

The researcher also discovered 66,000 websites with dangling subdomain issues, making them vulnerable to attacks. Among the affected sites was a New York Times development domain. Demirkapi's tack involved scanning VirusTotal's database and passive DNS replication data to identify vulnerabilities at scale. He developed an automated method to revoke exposed secrets, working with companies like OpenAI to implement self-service deactivation of compromised API keys.

  • Gemini (Score:4, Funny)

    by srussia ( 884021 ) on Friday August 16, 2024 @12:52PM (#64711880)
    Code comment "Don't be evil /s" found in Gemini!
  • by Anonymous Coward

    ALL OF THEM?!? no way

  • so much for a free press, now we get the fee press

    • There's no great solution. Either we allow the market to rule (and no matter the initial state, eventually the market will be controlled by a handful of people), or we nationalize and what, allow the government full control so a different handful of people decide, only less efficiently?

      I'm starting to think an educated mob rule is the answer. When someone gets too far out of line, the mob takes care of it. That means anybody in any position of power needs to be careful not to piss off the mob. That's th

    • It's free to write it, not to read it.
  • by peterww ( 6558522 ) on Friday August 16, 2024 @02:13PM (#64712034)

    Helping corporations, I mean. They will continue to ignore these vulnerabilities until they are compromised and shamed, or forced to comply by legal requirements.

    The only time an executive has taken an interest in making sure their company was secure was when there was a litigation risk, government fine, or threat to the stock price.

  • all links in the op that link to the topic seem borked.

    the link domain appears to be linked to a github account:

    lixiang521.com. 399 IN CNAME idealeer.github.io.

    but all repos seem uninformative.