NewsGitHub Search Update Exposes Security Vulnerabilities

GitHub Search Update Exposes Security Vulnerabilities

Developer.com content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

On Tuesday, the popular code hosting service GitHub updated its search capabilities. By Thursday, developers had discovered that those new search capabilities were turning up private information that was publicly available through GitHub. In many cases, that information included private encryption keys for GitHub projects. Armed with those keys, hackers could potentially access and make changes to the code for various projects.

Security experts are warning GitHub users to make sure they don’t accidentally include their private files when they upload code to GitHub. But some are calling for GitHub to take stronger measures to ensure this sort of thing doesn’t happen. One security researcher tweeted, “When one person pushes their private key to GitHub, it’s an idiot problem. When a hundred people do, it’s not about idiot users anymore.”

View article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories