froztbyte.getBlog() » information leakage http://blog.froztbyte.net returns the contents of froztbyte.blog Mon, 13 Oct 2014 20:19:25 +0000 en-US hourly 1 http://wordpress.org/?v=4.0 Retardville http://blog.froztbyte.net/2013/01/retardville/?utm_source=rss&utm_medium=rss&utm_campaign=retardville http://blog.froztbyte.net/2013/01/retardville/#comments Thu, 24 Jan 2013 14:30:04 +0000 http://blog.froztbyte.net/?p=362 Read more »

]]> Update: I’ve contacted Github support about this, and given them a suggestion about a default-on preference/setting to filter those for everyone but the repo owner, perhaps with a visual cue about it

Update 2: as of this update, the search for these sorts of files no longer appears to be working; I also got a mail back from github support about this earlier, but didn’t really read it yet

Or to give people the benefit of the doubt, perhaps they just didn’t know better. I don’t even understand how this comes to pass, it’s so different from what I’m typically used to.

github ssh keys

github bash history

github zsh history

 

The URLs for these are as follows:

  • https://github.com/search?q=path%3A.bash_history
  • https://github.com/search?q=path%3A.zsh_history
  • https://github.com/search?q=path%3A.ssh/id_rsa
There are some more, obviously. Use your imagination to find them. You can also filter for passwords and such:

  • https://github.com/search?q=path%3A.bash_history+password
  • https://github.com/search?q=path%3A.my.cnf

So, to all the people who have done this: don’t upload any of your history files, private ssh keys, etc, to something on the public internet.

 

]]> http://blog.froztbyte.net/2013/01/retardville/feed/ 0