all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Leaving Authentication Credentials in Public Code

Add to bookmarks
Nov. 16, 2023, 12:10 p.m. | Bruce Schneier

Schneier on Security www.schneier.com

Seth Godin wrote an article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code:


Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret. Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000...

article authentication code code repository credentials gitguardian language official programmers programming programming language projects public pypi python repository researchers secrets security software software code vulnerability week

Visit resource

More from www.schneier.com / Schneier on Security

Breaking Laptop Fingerprint Sensors 51 minutes ago | www.schneier.com
authentication biometrics breaking dell +24
Digital Car Keys Are Coming 16 hours ago | www.schneier.com
car cars coming digital +10
Secret White House Warrantless Surveillance Program 2 days, 1 hour ago | www.schneier.com
att data end enforcement +17
Friday Squid Blogging: Squid Nebula 4 days, 14 hours ago | www.schneier.com
blogging blue end life +4
Chocolate Swiss Army Knife 4 days, 17 hours ago | www.schneier.com
air travel army humor keys +5
LitterDrifter USB Worm 5 days ago | www.schneier.com
actinium armageddon bear beyond +20
Apple to Add Manual Authentication to iMessage 1 week ago | www.schneier.com
account apple authenticate authentication +10
Email Security Flaw Found in the Wild 1 week, 1 day ago | www.schneier.com
analysis authentication bug collaboration +27
Using Generative AI for Surveillance 1 week, 2 days ago | www.schneier.com
analysis artificial intelligence chatgpt data +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Analyst Consultant

@ Kalles Group | Seattle Area
View on infosec-jobs.com

Principal Engineer - SecEng (Prisma Cloud Application Security)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Privacy Officer BeNeLux

@ Wolters Kluwer | NLD - Alphen Aan Den Rijn
View on infosec-jobs.com

Senior Information Security Specialist :Threat Intelligence

@ NTT DATA | Johannesburg, South Africa
View on infosec-jobs.com

Cyber Security - SOC Analyst (L2)

@ WPP | Chennai
View on infosec-jobs.com

Cybersecurity Analyst - A&A Support

@ Maveris | Washington, District of Columbia, United States - Remote
View on infosec-jobs.com
View more jobs