Mastodawn

This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

Show thread

Siguza

@hanno we've long entered the era where Big Tech is shady and incompetent. The products they ship are broken and amateurish, their representatives constantly lie to you, and the only thing the companies are really concerned with is pumping their stock price.