Security research @ GitGuardian | Former pentester 🥾
I have an empty blog that I have decided to fill with personal research since 1874.
Twitter: https://twitter.com/_mabote_
Blog: https://mabote.heimr.net/

In a few days, my team from @gitguardian_official and I will be in Taipei for RWC. We'll present the results of joint research with a Google researcher where we mapped leaked private keys to actual web certificates using Certificate Transparency data.
Today, we released a companion blog post that summarizes this research: https://blog.gitguardian.com/certificates-exposed-a-google-gitguardian-study/.

Bottom line: from the 1M private keys we had in our dataset, we found 40k were associated with 140k CT-logged certificates. Of those, 2,600 were valid at the time. We estimate that around 4,000 certificates are compromised every year because of a leaked key.

Among all compromised certificates' owners, we found 19 governmental entities from various countries, multiple Fortune 500 companies, and 🥁 one certificate authority.

In my completely unbiased opinion, that's very insightful research 🙂.
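As an added example (not the study's own code), the core matching step behind the research above: a certificate is tied to a leaked key when the SHA-256 of its SubjectPublicKeyInfo equals that of the public key derived from the private key, so no signature or handshake is needed. Only Go's standard library is used; the key pair, the self-signed certificate and the name "example.test" are constructed stand-ins for a leaked key and a CT log entry.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// spkiFingerprint hashes a DER SubjectPublicKeyInfo; identical for a key and every cert issued for it.
func spkiFingerprint(der []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(der))
}

// keyMatchesCert reports whether priv is the private half of the key bound in certDER.
func keyMatchesCert(priv *rsa.PrivateKey, certDER []byte) (bool, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return false, err
	}
	return spkiFingerprint(pubDER) == spkiFingerprint(cert.RawSubjectPublicKeyInfo), nil
}

// selfSignedCert builds a constructed stand-in for a CT-logged certificate.
func selfSignedCert(priv *rsa.PrivateKey, cn string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
}

func main() {
	leaked, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed "leaked" key
	other, _ := rsa.GenerateKey(rand.Reader, 2048)  // unrelated key, should not match
	certDER, _ := selfSignedCert(leaked, "example.test")
	hit, _ := keyMatchesCert(leaked, certDER)
	miss, _ := keyMatchesCert(other, certDER)
	fmt.Println("leaked key matches cert:", hit, "| unrelated key matches:", miss)
}
```

Against a real CT log entry you would feed the certificate's DER bytes to keyMatchesCert unchanged; a match on the SPKI hash is exactly the signal that the key for that certificate is exposed and should be revoked and rotated.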

For my first ever post at GitGuardian, I unveil some of the scariest leaks we observed recently. That's shivers in your DevOps back 🕷️.

More than just a funny Halloween post, this showcases some of the very creative ways people manage to leak their secrets in the wild.
The key takeaway is that no company is safe from leaks. There is always an unexpected way one can expose your AWS secret key.

https://c.gitguardian.com/mzp

Doomed Keys and Hidden Threats: The Scariest Secrets in Your Repositories

At GitGuardian we see things that no one should ever see. We detect and collect leaked secrets that are so hideous we could lose our sanity. Let us introduce you to some of the most terrifying leaks we saw this year. If you dare.

GitGuardian Blog - Take Control of Your Secrets Security