SoylentNews is people
SoylentNews
from the information-wants-to-be-free? dept.
Adobe is showing that it can be transparent about its security practices:
Having some transparency about security problems with software is great, but Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT's e-mail account—both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.
The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen:
Oh shit Adobe pic.twitter.com/7rDL3LWVVz
— Juho Nurminen (@jupenur) September 22, 2017Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account.
Also at The Register and Wccftech.
[How many here have done something like this? Perhaps an extra file accidentally uploaded to GitHub? --Ed.]
(Score: 5, Interesting) by frojack on Saturday September 23 2017, @06:40PM
PGP was written as a back end process meant to be included in emailers, security systems, signing keys, and such.
Because proper integration (just now becoming common) was long in coming, (i speculate due to government pressure), PGP ended up as a stand alone product, and jury rigged into emailers (the main common man-in-the-street use) in such a way that only the geeks could survive.
Now emailers, at least, are starting to automate the whole process, including the key generation, publishing, and use.
So, yes, its a hornets nest, but only because it was half done, and thrown to the userbase in a state far too primitive for users to integrate.
Just getting your private key to all your devices is something of a bitch.
No, you are mistaken. I've always had this sig.