Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
ddephor44467yA nice one.
We once had to take part in a system where someone signed data with the public key and gave the private key out to the world to check the signature.
They didn't even know what they did until we told them.
And sadly there where already other companies who checked the signature and also hadn't noticed that they held the private key. -
@endor The guy in question may trust me, but do all the other clients he works with trust me?
(Unless they use different keys for each client, that is. And it's probably a simple mistake. But I still needed to call it out just in case.) -
mbj0471307yWasn't it adobe security team that posted their private key to Twitter not too long ago?
-
mbj0471307y@filthyranter ah I don't pay much attention. Meh that depends on the server and the user.
-
hjk10156967y@filthyranter I have to disagree with that one. With GPG you can publish signed software with viruses in it. In our case you need VPN and SSH key to gain access. So a GPG leak is much worse in our case.
-
hjk10156967y@d4ng3r0u5 Holy fuck that is bad and sad. Don't know why they didn't heed your username 🤣
-
@hjk101 Yes. I didn't say GPG wasn't important, but I'm sure you could do more damage with that SSH key
-
hjk10156967y@filthyranter If there is no firewalling you are right on the money! (so the first thing you would do once you're in, is find the GPG key and sign some crap and let it be hosted by the official server 😈)
-
Dear outsourced developers.
DO send me your private SSH keys. In plaintext. From a McDonald's free wifi.
LOL
Related Rants
-
DevTard16User:"It's not working" Me:"Have you turned it off and on again?" User:"Yes" Me: goes down there, system upti...
-
AdrianCookie18I think I'll never going to get a devRant stress ball, so i made this instead with my pretty low budget (0.5$)...
-
kwameboame5*yesterday* Client: "Perfect! How did you do this so quickly?" Me: "I used a library" *today* Me: "I'm still d...
Dear outsourced developers. Don't send me your private SSH key by email. I don't need it, it allows me to access anything else you can access pretending I'm you, and it shows a misunderstanding of how SSH keys work. 🤦🏻♂️
rant
ssh
facepalm