Adobe security team fumble sees private PGP key published

By

Key revoked soon after blogging blunder.

Adobe has quietly removed a private encryption key used to secure its communications, after it was posted on the company's security blog.

Adobe security team fumble sees private PGP key published
Source: https://twitter.com/@jupenur

Security researcher Juho Nurminen discovered over the weekend that a member of Adobe's Product Security Incident Team (PSIRT) had published the private Pretty Good Privacy (PGP) digital key instead of just the public one.

Attackers with access to Adobe's private encryption keys can not only read scrambled PGP communications, they are also able to impersonate the company when sending encrypted messages.

While releasing a private key could have had disastrous consequences for Adobe, Nurminen pointed out that the credential published was only four days old, and hadn't been commonly used.

The key has since been revoked from PGP servers around the world, and can no longer be used.

Adobe has yet to comment on the error.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Log In

  |  Forgot your password?