Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Open Source Security IT

AWS Urges Devs To Scrub Secret Keys From GitHub 109

Posted by timothy
from the key-is-under-the-mat dept.
An anonymous reader writes "GitHub contains thousands of 'secret keys', which are stored in plain text and can be used by miscreants to access AWS accounts and either run up huge bills or even delete/damage the users files. Amazon is urging users of the coding community site to clean up their act."
This discussion has been archived. No new comments can be posted.

AWS Urges Devs To Scrub Secret Keys From GitHub

Comments Filter:
  • by QuasiSteve (2042606) on Monday March 24, 2014 @04:55AM (#46562137)

    Wouldn't the Streisand Effect in this context imply that more developers are going to be placing their AWS/API keys in plain view?

    I think you're more referring to the effect of full disclosure, where by making it public you end up not just notifying the potential victims (if they're even awake) but also a not statistically insignificant amount of script kiddies - thus instead of having the effect of less exploited victims, you end up getting more. At least initially - in the long run it should be the other way around.

    I seem to remember this having been a story before, though, so they should have been warned in the past.. or known better regardless.
    Ah, yes: http://it.slashdot.org/story/1... [slashdot.org]

  • by Richard_at_work (517087) <.moc.liamg. .ta. .ecirpdrahcir.> on Monday March 24, 2014 @07:03AM (#46562439)

    That's not a problem for the developer of the application, that's a problem for whomever is providing the hosted instance of their code. If a "normal non-technical user" is deploying the code, then they should equally be able to solve the problem of third party webservice keys etc where they are required.

"The way of the world is to praise dead saints and prosecute live ones." -- Nathaniel Howe

Working...