AWS Urges Devs To Scrub Secret Keys From GitHub
An anonymous reader writes "GitHub contains thousands of 'secret keys', which are stored in plain text and can be used by miscreants to access AWS accounts and either run up huge bills or even delete/damage the users' files. Amazon is urging users of the coding community site to clean up their act."
Re:How effective is such an ... urging? (Score:3, Informative)
Wouldn't the Streisand Effect in this context imply that more developers are going to be placing their AWS/API keys in plain view?
I think you're more referring to the effect of full disclosure, where by making it public you end up not just notifying the potential victims (if they're even awake) but also a not statistically insignificant amount of script kiddies - thus instead of having the effect of less exploited victims, you end up getting more. At least initially - in the long run it should be the other way around.
I seem to remember this having been a story before, though, so they should have been warned in the past... or known better regardless.
Ah, yes: http://it.slashdot.org/story/1... [slashdot.org]
Re:Opensource and web services keys (Score:4, Informative)
That's not a problem for the developer of the application, that's a problem for whoever is providing the hosted instance of their code. If a "normal non-technical user" is deploying the code, then they should equally be able to solve the problem of third-party webservice keys etc. where they are required.