Latest News

NBN RSPs again ask NBN Co chief, Comms Minister for relief

CBA 'studying' the cryptocurrency space

Intel, Apple to be among attendees of White House meeting on chip shortage

Facebook's technology head Mike Schroepfer to step down

Xiaomi says its devices do not censor users

Passwords, SSH keys exposed on GitHub

By Darren Pauli on Jan 25, 2013 3:53PM

Passwords, SSH keys exposed on GitHub

GitHub search down, but user mistakes still exposed.

Updated: Github users have been caught out storing keys and passwords in public repositories.

Search links popped up throughout Twitter today pointing to stored keys including what was reportedly credentials for the Google Chrome source code repository, Chromium.

Scores of other credentials were exposed, some representing serious security blunders.

Okay, someone has found a profoundly dangerous example of a password unwittingly stored to @github. This problem needs addressing ASAP.
— Melissa (@0xabad1dea) January 24, 2013

While the keys are no longer searchable via the GitHub due to technical problems, they remain exposed through normal internet search queries.There is also no mechanisms to prevent users from uploading keys, a point which some security boffins say GitHub should implement.

.@0xabad1dea it would be responsible for @github to alert on checkin. Crippling their search won't do squat.
— Dan Guido (@dguido) January 25, 2013

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

github keys passwords rsa security ssh

Partner Content

From 30 people to 6 million: How workplace tech is driving Movember's global community

Promoted Content From 30 people to 6 million: How workplace tech is driving Movember's global community

Why efficient data sharing is vital for effective emergency management

Promoted Content Why efficient data sharing is vital for effective emergency management

Unblocking your organisation's data flows

Partner Content Unblocking your organisation's data flows

Why educators should partner rather than compete with EdTech

Promoted Content Why educators should partner rather than compete with EdTech

Sponsored Whitepapers

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM

Future of work: Support your distributed HR workforce with digital document processes

Future of work: Support your distributed HR workforce with digital document processes

Develop a resiliency strategy that integrates risk analysis & continuity management

Develop a resiliency strategy that integrates risk analysis & continuity management

IBM Maximo: Manage any asset, anytime, any place with mobile EAM

IBM Maximo: Manage any asset, anytime, any place with mobile EAM

Optimise your operations with APM and AI-Powered insights

Optimise your operations with APM and AI-Powered insights

Events

How a FinTech can maintain agility while addressing Non-Functional requirements and ensuring compliance

Most Read Articles

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac loses its group head of data and advanced analytics

Westpac loses its group head of data and advanced analytics

NBN Co to charge free fibre recipients that don't stick with higher speed plans

NBN Co to charge free fibre recipients that don't stick with higher speed plans

Telstra-led consortium to build out NSW's digital twin

Telstra-led consortium to build out NSW's digital twin

Most popular tech stories