Adobe security team fumble sees private PGP key published

By

Key revoked soon after blogging blunder.

Adobe has quietly removed a private encryption key used to secure its communications, after it was posted on the company's security blog.

Adobe security team fumble sees private PGP key published
Source: https://twitter.com/@jupenur

Security researcher Juho Nurminen discovered over the weekend that a member of Adobe's Product Security Incident Team (PSIRT) had published the private Pretty Good Privacy (PGP) digital key instead of just the public one.

Attackers with access to Adobe's private encryption keys can not only read scrambled PGP communications, they are also able to impersonate the company when sending encrypted messages.

While releasing a private key could have had disastrous consequences for Adobe, Nurminen pointed out that the credential published was only four days old, and hadn't been commonly used.

The key has since been revoked from PGP servers around the world, and can no longer be used.

Adobe has yet to comment on the error.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?