all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Leaving Authentication Credentials in Public Code

Add to bookmarks
Nov. 16, 2023, 12:10 p.m. | Bruce Schneier

Schneier on Security www.schneier.com

Seth Godin wrote an article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code:


Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret. Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000...

article authentication code code repository credentials gitguardian language official programmers programming programming language projects public pypi python repository researchers secrets security software software code vulnerability week

Visit resource

More from www.schneier.com / Schneier on Security

New Attack on VPNs 8 hours ago | www.schneier.com
applications attack cyberattack encrypted +14
New Lawsuit Attempting to Make Adversarial Interoperability Legal 1 day, 12 hours ago | www.schneier.com
adversarial copyright courts interoperability +4
Friday Squid Blogging: Squid Purses 4 days, 2 hours ago | www.schneier.com
blog blogging can guidelines +6
My TED Talks 4 days, 5 hours ago | www.schneier.com
conferences controls data internet +9
Rare Interviews with Enigma Cryptanalyst Marian Rejewski 4 days, 12 hours ago | www.schneier.com
crack cryptanalysis enigma history of cryptography +5
The UK Bans Default Passwords 5 days, 12 hours ago | www.schneier.com
act and telecommunications ban bans +19
AI Voice Scam 6 days, 12 hours ago | www.schneier.com
artificial intelligence bbc money scam +4
WhatsApp in India 1 week ago | www.schneier.com
courts encryption end end-to-end +5
Whale Song Code 1 week, 1 day ago | www.schneier.com
basic broadcast code cold +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Principal Engineer - DLP Endpoint Security

@ Netskope | Bengaluru, Karnataka, India
View on infosec-jobs.com

Security Consultant (m/w/d)

@ Deutsche Telekom | Berlin, Deutschland
View on infosec-jobs.com

Security Engineer

@ IDEMIA | Haarlem, NL, 2031 CC
View on infosec-jobs.com

CyberSecurity Forensics and Incident Response Analyst

@ Bosch Group | Pittsburgh, PA, United States
View on infosec-jobs.com

Cyber MS MDR - Sr Associate

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Senior Lead Cybersecurity Architect-Threat modeling, Cryptography

@ JPMorgan Chase & Co. | India
View on infosec-jobs.com
View more jobs