Adobe's security team just blogged their private PGP key

[HavocXphere]

Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT's e-mail account—both the public and the private keys.

:crylaugh:

Someone's getting fired.

https://arstechnica.com/information...-security-team-posts-private-pgp-key-on-blog/

 

[OCP]

Doh!

 

[infscrtyrisk]

We know that developers do this all the time, but this was a member of the Security Incident Response Team. Time to think of a new career.

 

[Sinbad]

Security incident creation team

 

[Thor]

Wow

 

[sajunky]

I didn't know that a private key can be exposed to the world with one click. It should be burried deeper to prevent mistakes. What app did the use?
Definitely poor software design.

 

[infscrtyrisk]

I didn't know that a private key can be exposed to the world with one click. It should be burried deeper to prevent mistakes. What app did the use?
Definitely poor software design.

Lol, I guess that you haven't worked with keys much?

 

[sajunky]

Lol, I guess that you haven't worked with keys much?

I am really sorry, not with a software which allows to expose private keys with one click.

 

[HavocXphere]

I didn't know that a private key can be exposed to the world with one click. It should be burried deeper to prevent mistakes. What app did the use?
Definitely poor software design.

Thing is pvt key is a bit like a pin for a card. Being careful with it should be instinctive.

 

[sajunky]

Thing is pvt key is a bit like a pin for a card. Being careful with it should be instinctive.

Sweeping a card is instinctive. Entering a pin - not quite sure.