Jonkman Microblog
Conversation

Notices

  1. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Friday, 22-Mar-2019 01:37:24 EDT

    Repos hosted on GitHub and similar platforms often leak crypto secrets and API keys:

    https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf (PDF file)

    – researchers scanned 13% of public GitHub repos
    – 100,000 repos contained secrets; thousands of new secrets are leaked every day
    – GitHub is developing "token scanning" to help remove secrets; however, dedicated scanners like TruffleHog are ineffective according to the paper

    #github #gitlab #token #key #leak #infosec #cybersecurity #security #development #trufflehog

    1. infosec-handbook.eu (infosechandbook@mastodon.at)'s status on Friday, 29-Mar-2019 00:52:32 EDT

      It seems that ASUS employees uploaded some of their passwords to GitHub:

      https://techcrunch.com/2019/03/27/asus-hacking-risk/

      If true, this may have led to the compromise of their update servers, now known as Operation ShadowHammer:

      https://mastodon.at/@infosechandbook/101815258103125982

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
