not sure where to propose things to google, so I'll do it here, given that several googlers follow me. about leaking keys and hidden certs
-
-
and then someone else found a private key in a spotify app and there have been multiple similar issues
1 reply 1 retweet 0 likes -
someone should search for these things in a systematic way. and ideally that would be someone who crawls the web anyway, aka searchengines
3 replies 0 retweets 3 likes -
Good idea. While my pile of Android apps is aging, it's still ~1M apps. And yes, I'm seeing a good number of private keys already...
1 reply 1 retweet 1 like -
Would you mind making a PR on https://github.com/BenBE/kompromat ? TIA. Anonymous submissions accepted too ;-)
2 replies 0 retweets 1 like
I'll go a round of attempting to contact the authors first. Not that I have much hope of getting responses, based on my 2014 experiment.pic.twitter.com/z19x5cFyNW
-
-
Sure. I prefer the keys being revoked before publishing them in the kompromat set to minimize harm.
0 replies 0 retweets 1 likeThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.