GitHub key leaks and how to prevent them
#1
Information 
Quote:
[Image: tokens-on-github-featured.jpg]

Recently, researchers at North Carolina State University discovered more than 100,000 projects on GitHub with tokens, cryptographic keys, and other confidential data stored in open form. In total, more than half a million such objects were found in the public domain, of which more than 200,000 are unique. What’s more, the tokens were issued by major companies such as Google, Amazon MWS, Twitter, Facebook, MailChimp, MailGun, Stripe, Twilio, Square, Braintree, and Picatic.

GitHub is a popular resource for cooperative software development. It is used for storing code in repositories with open or restricted access, linking with colleagues, involving them in program testing, and using ready-made open-source developments. It greatly simplifies and speeds up the creation of apps and services, so many programmers are happy to use it. Companies that create their software based on open-source modules use it actively. In addition to that, companies that want to be transparent frequently use it.

However, special care should be taken when uploading code to GitHub — advice that some developers do not always follow.

What data got into the public domain

GitHub was found to be hosting blocks of openly available code containing tokens and keys sufficient to pass authorization and perform certain actions on behalf of users or apps. Among this unwittingly declassified information were:

* Login credentials for administrator accounts on major websites,

* API keys or tokens enabling the use of in-app API functions — a set of tools for interaction between various system components, for example, a program and a website,

* Cryptographic keys, many of which are used for authentication instead of a password, not in combination with one, so knowing only one key is enough to gain access to many resources, including private networks.  
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Reply


Messages In This Thread
GitHub key leaks and how to prevent them - by harlan4096 - 01 April 19, 07:02

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
WhatsApp Launches New Username Feature ...
WhatsApp Opens Usern...harlan4096 — 17:12
AnyDesk 9.7.9 for Windows
Version 9.7.9 for ...harlan4096 — 15:57
uBOLite 2026.705.2152 (already available...
uBOLite 2026.705.2...harlan4096 — 10:23
Microsoft Warns Windows 11 Enterprise De...
Microsoft has issu...harlan4096 — 10:22
QOwnNotes
26.7.1 Added a ne...Kool — 05:26

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>