Mastodawn

Retroactively changing the role of a token or key is a very bad idea.

https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

#google #googleapikeys #infosec #cybersecurity

Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

Show thread

Markus Gerstel

@harrysintonen I keep going back to @soatok's stance of "if you say it's not a vulnerability then I publish immediately"

Their incompetent triage team should not be the security researchers' problem.

Show thread

tekhedd Feb 26

@markus @harrysintonen @soatok If its "not a vuln" nobody could possibly object, right? I'm not even being sarcastic. For once.