Sahwa@reddthat.com to Technology@lemmy.worldEnglish · 9 hours ago‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHubgizmodo.comexternal-linkmessage-square88fedilinkarrow-up1601arrow-down14cross-posted to: [email protected]
arrow-up1597arrow-down1external-link‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHubgizmodo.comSahwa@reddthat.com to Technology@lemmy.worldEnglish · 9 hours agomessage-square88fedilinkcross-posted to: [email protected]
minus-squaredemonsword@lemmy.worldlinkfedilinkEnglisharrow-up168arrow-down4·edit-29 hours agovibe code go brrrrrrr EDIT: wow it’s far worse, it was a single contractor that decided that his convenience was above any and all security recommendations ever written. Pure. Genius!
minus-squarewonderingwanderer@sopuli.xyzlinkfedilinkEnglisharrow-up9·4 hours agoContractor, eh? How much do you wanna bet he has close personal ties to the trump family and zero cybersecurity experience?
minus-squarelIlIlIlIlIlIl@lemmy.worldlinkfedilinkEnglisharrow-up60arrow-down6·9 hours agoLeaving passwords in plaintext has zero to do with “vibe coding”
minus-squarevillage604@adultswim.fanlinkfedilinkEnglisharrow-up64arrow-down1·9 hours agoIt definitely can if an LLM did it.
minus-squarewucking_feardo@lemmy.worldlinkfedilinkEnglisharrow-up1·1 hour agoI agree and to expand the same point. Even if the llm didn’t do it, it’s entirely plausible the LLM recommended it and the dev just drank that coolaid
minus-squaredemonsword@lemmy.worldlinkfedilinkEnglisharrow-up22·9 hours agoyeah, and this is why I edited my original post after reading the article.
minus-squarenymnympseudonym@piefed.sociallinkfedilinkEnglisharrow-up2·1 hour agoYou know what’s ironic? FedRAMP rules dictate that Thou Must Scan Thy Repos for Secrets (tokens, passwords, etc) GitHub, ButrBucket, etc all have this out of the box for enterprise customers https://support.atlassian.com/bitbucket-data-center/kb/how-to-scan-for-and-remove-passwords-or-secrets-in-bitbucket-server-repositories/
vibe code go brrrrrrr
EDIT: wow it’s far worse, it was a single contractor that decided that his convenience was above any and all security recommendations ever written. Pure. Genius!
Contractor, eh?
How much do you wanna bet he has close personal ties to the trump family and zero cybersecurity experience?
Leaving passwords in plaintext has zero to do with “vibe coding”
It definitely can if an LLM did it.
I agree and to expand the same point. Even if the llm didn’t do it, it’s entirely plausible the LLM recommended it and the dev just drank that coolaid
yeah, and this is why I edited my original post after reading the article.
Only the best people
You know what’s ironic? FedRAMP rules dictate that Thou Must Scan Thy Repos for Secrets (tokens, passwords, etc)
GitHub, ButrBucket, etc all have this out of the box for enterprise customers
https://support.atlassian.com/bitbucket-data-center/kb/how-to-scan-for-and-remove-passwords-or-secrets-in-bitbucket-server-repositories/