Updated: Github users have been caught out storing keys and passwords in public repositories.
Search links popped up throughout Twitter today pointing to stored keys including what was reportedly credentials for the Google Chrome source code repository, Chromium.
Scores of other credentials were exposed, some representing serious security blunders.
Okay, someone has found a profoundly dangerous example of a password unwittingly stored to @github. This problem needs addressing ASAP.
— Melissa (@0xabad1dea) January 24, 2013
While the keys are no longer searchable via the GitHub due to technical problems, they remain exposed through normal internet search queries.There is also no mechanisms to prevent users from uploading keys, a point which some security boffins say GitHub should implement.
.@0xabad1dea it would be responsible for @github to alert on checkin. Crippling their search won't do squat.
— Dan Guido (@dguido) January 25, 2013
.png&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
