Devs should not upload their configs - check this bad example

[peterw]

Amazon Web Services (AWS) is urging developers using the code sharing site GitHub to search for their AWS keys.

Thousands of ‘secret keys’, which unlock access to private Amazon Web Services accounts are currently available unencrypted to members of the public.

The secret keys are issued by Amazon Web Services when users open an account and provide applications access to AWS resources.


Read more: http://www.itnews.com.au/News/375785,aws-urges-developers-to-scrub-github-of-secret-keys.aspx

Check your AWS logins, a search for AWS keys returns almost 10,000 results.

 

[Dylan]

This is an incredibly deceptive thread title -- implying Amazon leaked keys when that's not remotely true.

People uploaded code to GitHub which includes their secret keys. This isn't a leak, just developers being stupid with their own code: no different than if I uploaded a script containing my root password. Amazon did absolutely nothing wrong and implying there was a leak is a seriously irresponsible way to create unjustified rage and panic.

 

[HalfEatenPie]

If a better title is written and suggested I'd be more than happy to update the title  

 

[fisle]

How about "This just in: Stupid people do stupid shit"?

 

[wlanboy]

Please rename it to "Devs should not upload their configs - check this bad example".

 

[tchen]

Okay, I fell for the link bait. Is it April already?

 

[raindog308]

Steve Ballmer would like to suggest a thread title change.

https://www.youtube.com/watch?v=KMU0tzLwhbE

 

[HalfEatenPie]

Updated the title!

Steve Ballmer would like to suggest a thread title change.

https://www.youtube.com/watch?v=KMU0tzLwhbE

Look at that sexy sweat line. 

 

[sv01]

they forgot we have .gitignore

 

[Wintereise]

Just let natural selection do its job, people hardly ever learn lessons without being slapped around a bit.