In spectacular fail, Adobe security team posts private PGP key on blog

Enlarge / Um, yes, that was Adobe PSIRT's private PGP key on their website. Best get their new public key.

Having some transparency about security problems with software is great, but Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT's e-mail account—both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.

The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen:

Nurminen was able to confirm that the key was associated with the [email protected] e-mail account.

Read 4 remaining paragraphs | Comments

Post Tagged with , , , ,

Comments are closed.