New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
-
@briankrebs Are you seriously telling me that somebody stored AWS govcloud secrets in a github repo ? In a file called "Important AWS Tokens" ? Do they not know who github is ? Is it intentional ?
Has that person been fired into the sun yet, along with whoever hired them ?
@jab01701mid @briankrebs isn't the real wtf storing secrets in a git repo, let alone pushing it to github?
-
@jab01701mid @briankrebs isn't the real wtf storing secrets in a git repo, let alone pushing it to github?
@GerardThornley @briankrebs I guess you have to store secrets somewhere, in your source or CI/CD pipeline playbook. I hope people are not checking in private keys, or the CEO's email password.
But govcloud IIRC is basically AWS but "secure for fedramp". Then using "github" for your source control is like the Manhattan Project keeping their notebooks in the local college library, but in a locked room.
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs csv password docs... wow, just wow.
-
@briankrebs That sounds pretty bad, sure- but remember, whomever is left over there has the most important thing, which is loyalty.
@chux0r @briankrebs This is correct. The regime shitcanned everyone associated Biden’s CISA, including the contractors and brought their own people in. Watched it happen
-
It's possible this set of instructions by the CISA contractor might have caused all the trouble:
@briankrebs Seems this dude doesn't know how git works and the organisation did not enforced Separation of work and private stuff (on different devices!).
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs Worskpace
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs can't make this shit up
anyway I am off for some gardening, enough of those pesky computers -
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs There's no way this is not intentional.
-
one of the most egregious government data leaks in recent history
The word "recent" is doing a lot of heavy lifting here. Like, this is a colossal fuckup, but we've had a lot of other colossal fuckups recently, so... y'know, context.
@Legit_Spaghetti @briankrebs "recent history" as in "this week".
And it's only Tuesday, so...
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs make something idiot proof and nature will create a better idiot
Scnr
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
So, does any of keys unlock the repo where the unredacted Epstein files are stored?
-
It's possible this set of instructions by the CISA contractor might have caused all the trouble:
@briankrebs are these LLM instructions or a note to self kind of deal?
