Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - GitHub Search Exposes Encryption Keys, Passwords In Code (securityweek.com)

wiredmikey writes: GitHub's new internal search has made it easy to uncover passwords, encryption keys, and other security missteps in software development projects that are hosted on the site. GitHub announced its internal search on Jan.23, which lets users search for any string through public and private repositories they have access to.

Some users discovered yet another way to use the search tool: finding files containing private encryption keys and source code with login credentials. Scarily enough, there were thousands of them.

Searching on id_rsa, a file which contains the private key for SSH logins, returned over 600 results. Other developers had hardcoded passwords for privileged user accounts, such as root, sa, and admin.

"With a simple script or tool, external hackers or malicious insiders can quickly discover these lost keys and use them to gain access to critical information assets," Jason Thompson, director of global marketing, SSH Communications Security said. "If the key grants a high level of administrative access, such as root, the potential threat to the business grows exponentially.

To be clear, GitHub is not at fault, since the company is just a hosting service. It just stores whatever files the developer wants to save. The search engine is not accidentally leaking confidential information. The data was already saved on GitHub, it is just making it easier for someone to find these mistakes.

Developers should note that GitHub has a Help page on how to make sure sensitive data is not saved to the repository.


Submission + - Can A New GPU Rejuvenate A 5 Year Old Gaming PC? (hothardware.com)

MojoKid writes: "New video card launches from AMD and NVIDIA are almost always reviewed on hardware less than 12 months old. That's not an arbitrary decision — it helps reviewers make certain that GPU performance isn't held back by older CPUs and can be particularly important when evaluating the impact of new interfaces or bus designs. That said, an equally interesting perspective might be to compare the performance impact of upgrading a graphics card in an older system that doesn't have access to the substantial performance gains of integrated memory controllers, high speed DDR3 memory, deep multithreading or internal serial links. As it turns out, even using a midrange graphics card like a GeForce GTX 660, substantial gains up to 150 percent can be achieved without the need for a complete system overhaul."

Submission + - SPAM: Gadgets make for ruder workplace

coondoggie writes: While smartphones and laptops have made our lives easier, they have also apparently made us ruder. A new survey of 1,400 CIOs conducted by Robert Half Technology shows that 51% of CIOs say that the availability of mobile electronic gadgets in the workplace has increased "breaches in workplace etiquette." Overall, 22% said that having more mobile gadgets in the office had reduced workforce etiquette significantly while 29% said that it had reduced etiquette somewhat. 42% of CIOs surveyed said that having more mobile gadgets in the office had not affected workforce etiquette whatsoever.
Link to Original Source

Submission + - Larry Lessig: Can American Culture Survive Google? (tnr.com)

An anonymous reader writes: The main article on The New Republic website today is a sharp piece by Harvard law professor and new media guru Lawrence Lessig on the powerful implications, good and bad, of the Google Books settlement. Lessig writes about how the settlement will profoundly reshape American copyright law in unintended ways, creating a system that further restricts books and ideas. And he tries to answer the very difficult question: How will American culture change in this new era?

Slashdot Top Deals

Nothing makes a person more productive than the last minute.