r/Information_Security


We removed secrets from our repo 6 months ago. Turns out they’re still recoverable in git history.

Found out the hard way that deleting a secret from code doesn't delete it from git history. Anyone with repo access can run a few commands and recover every credential we ever committed. We thought we fixed this months ago; well, we didn't.

Apparently it's a common thing: secrets that look removed but are sitting right there in commit history, valid and active.

What are people using that scans git history and validates whether discovered secrets are still active across cloud envs? I need something that tells me this AWS key from 6 months ago still works and has access to prod.

u/Exciting_Fly_2211 — 24 hours ago
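What the post describes, as an added example (not the poster's code or any particular tool): dump the full patch history of every ref with `git log -p --all`, pull out every AWS access key that was ever added in a commit, and ask STS whether each one still authenticates. Assumptions are mine: the scanner reads `git log -p` text, the live check uses boto3's `GetCallerIdentity` (which needs no IAM permission beyond the key existing), and the embedded sample history is constructed, using the AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI... values that AWS's own documentation uses as placeholders.

```python
"""Scan git history for AWS keys and check which ones still work.

Added example, not from the original post. Assumes `git log -p` input and,
for live checks, boto3 (imported lazily so the scanner runs without it).
"""
import re
import subprocess

# Long-term access key IDs start with AKIA (temporary STS ones with ASIA).
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# A 40-char secret following an aws_secret_access_key-style name and separator.
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_-]?secret[_-]?access[_-]?key\W{0,5}([A-Za-z0-9/+]{40})\b"
)
COMMIT_RE = re.compile(r"^commit ([0-9a-f]{7,40})", re.M)

# Constructed sample in `git log -p` order (newest first): the "cleanup"
# commit on top only deletes the lines; the older commit that added them is
# still in history. Key values are AWS's documented placeholders, not real.
SAMPLE_HISTORY = """\
commit 0f9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2f1e
Author: dev <dev@example.com>
Date:   Tue Jan 2 00:00:00 2024 +0000

    remove secrets from deploy.env

diff --git a/deploy.env b/deploy.env
--- a/deploy.env
+++ b/deploy.env
@@ -1,2 +0,0 @@
-AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
-AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
commit 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b
Author: dev <dev@example.com>
Date:   Mon Jan 1 00:00:00 2024 +0000

    add deploy config

diff --git a/deploy.env b/deploy.env
--- /dev/null
+++ b/deploy.env
@@ -0,0 +1,2 @@
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""


def added_lines(commit_body):
    """Yield the '+' lines of one commit's diff, skipping '+++ b/file' headers."""
    for line in commit_body.splitlines():
        if line.startswith("+") and not line.startswith("+++"):
            yield line[1:]


def find_aws_keys(history):
    """Map access_key_id -> {"commit": hash, "secret_access_key": str|None}.

    Only added lines are inspected, so a key is attributed to a commit that
    introduced it, never to the cleanup commit that merely deleted it. The
    first introducing commit seen (newest, in git log order) is recorded.
    """
    found = {}
    parts = COMMIT_RE.split(history)  # ['', hash1, body1, hash2, body2, ...]
    for commit, body in zip(parts[1::2], parts[2::2]):
        lines = list(added_lines(body))
        secrets = [m.group(1) for ln in lines for m in SECRET_KEY_RE.finditer(ln)]
        for ln in lines:
            for m in ACCESS_KEY_RE.finditer(ln):
                key_id = m.group(1)
                if key_id not in found:
                    # Pair with the first secret added in the same commit, if any.
                    found[key_id] = {"commit": commit,
                                     "secret_access_key": secrets[0] if secrets else None}
    return found


def validate_aws_key(access_key_id, secret_access_key, region="us-east-1"):
    """Return the caller ARN if the pair still authenticates, else None.

    GetCallerIdentity works even when IAM denies everything else, so a live
    key always answers; a deleted or deactivated key raises a ClientError.
    """
    import boto3  # only needed for live checks, not for scanning
    from botocore.exceptions import ClientError
    sts = boto3.client("sts", region_name=region,
                       aws_access_key_id=access_key_id,
                       aws_secret_access_key=secret_access_key)
    try:
        return sts.get_caller_identity()["Arn"]
    except ClientError:
        return None


def git_history(repo="."):
    """Patch history of every ref: exactly what anyone with clone access gets."""
    return subprocess.run(["git", "-C", repo, "log", "-p", "--all"],
                          capture_output=True, text=True, errors="replace",
                          check=True).stdout


if __name__ == "__main__":
    for key_id, info in find_aws_keys(git_history()).items():
        where = f"introduced in {info['commit'][:12]}"
        if info["secret_access_key"] is None:
            print(f"{key_id}  {where}  (no secret found, cannot test)")
            continue
        arn = validate_aws_key(key_id, info["secret_access_key"])
        print(f"{key_id}  {where}  " + (f"STILL ACTIVE as {arn}" if arn else "rejected by STS"))
```

Run it from inside the repo; `find_aws_keys(SAMPLE_HISTORY)` shows the point of the post offline: the key is reported under the commit that added it, and the later "remove" commit changes nothing. Any key that STS still accepts should be rotated in IAM, not just deleted from the tree, and the history itself needs rewriting (and force-pushing, plus a fresh clone for everyone) before the repo can be considered clean.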