Tuesday, September 21, 2010

Let's go find some Private keys

I love it when people use a technology without thinking first. I deal with security software like PGP all day at my job and its ins and outs have become pretty routine for me. One of the first things you do after installing PGP is to create your public/private key pair. Once that is done, you can export your public key and share it with whomever you need to.

Your public key is just that, "PUBLIC". Which means it is fine to share it with the world. But your other key in the pair is your "PRIVATE" key. This keys should NEVER leave your system. It is typically protected with a password and is for your eyes only.

What I love is how many people don't think of this or even read up on the best practices before putting their keys out there.

If you do a search on the internet for the following: "BEGIN PGP PRIVATE KEY BLOCK filetype:asc" (without the double quotes around it), you will find a plethora of completely unsuspecting people and organizations that have no idea that their private key is out there for the world to download and abuse.

My suggestion to all of you is to create a new key pair and then export your public key, WITHOUT your private key. Because you shared it already, it is now compromised and you cannot ensure the nobody brute force hacked your password.

Thursday, September 09, 2010

So long use.perl.org

In an unexpected post this morning, it looks like use.perl.org is shutting down. I am not sure how many of you reference or read use.perl, but I was an avid peruser of the site. There were always interesting posts to read up there.

You will be missed use.perl, but hopefully you will return once pudge has a job and can find suitable hosting, the site will return. Until then it will be missed.
 
Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.