9 years ago
How a bug in Visual Studio 2015 exposed my source code on GitHub and cost me $6,500 in a few hours
Continue Reading https://www.humankode.com
Bugs aside, I think the guy is an idiot. There is absolutely no excuse to store private credentials in a git repository on a server you don't control; even storing the configuration in the repository is bad enough.
The basis of the bug is that:
1) you explicitly create a private repository
2) software tells you that you have a private repo (yay!)
3) software actually creates a public repo (whoops!)
One problem I saw was that he fixed the problem pretty quickly. He changed his password, deleted the exposed keys. Problem solved, right? Amazon spun up a bunch of other instances with his compromised and now changed credentials.
While he did flub, he did damage control. Amazon allowed new EC2 instances to get spun up anyway. I think that's a bigger problem than him letting his keys leak.
Also, this isn't a Visual Studio bug, it's an extension for GitHub in VS bug, as the update now suggests.