LOUNGE all new asksnapzu ideasforsnapzu newtribes interesting pics videos funny technology science technews gaming health history worldnews business web research entertainment food living internet socialmedia mobile space sports photography nature animals movies culture travel television finance music celebrities gadgets environment usa crime politics law money justice psychology security cars wtf art google books lifetips bigbrother women apple kids recipes whoa military privacy education facebook medicine computing wildlife design war drugs middleeast diet toplists economy fail violence humor africa microsoft parenting dogs canada neuroscience architecture religion advertising infographics sex journalism disaster software aviation relationships energy booze life japan ukraine newmovies nsa cannabis name Name of the tribe humanrights nasa cute weather gifs discoveries cops futurism football earth dataviz pets guns entrepreneurship fitness android extremeweather fashion insects india northamerica
+2 2 0
Published 3 years ago with 3 Comments

Join the Discussion

  • Auto Tier
  • All
  • 1
  • 2
  • 3
Post Comment
  • jmcs
    +5

    Bugs aside, I think the guy is an idiot. There is absolutely no excuse to store private credentials in a git repository in a server you don't control, even storing the configuration in the repository is bad enough.

    • idlethreat
      +4

      The basis of the bug is that

      1) you explicitly create a private repository

      2) software tells you have a private repo (yay!)

      3) software actually creates a public repo (woops!)

      On problem I seen was that he fixed the problem pretty quickly. he changed his password, deleted the exposed keys. Problem solved, right? Amazon spun up a bunch of other instances with his compromised and now changed credentials.

      While he did flub, he did damage control. Amazon allowed new EC2 instances get spun up anyway. I think that's a bigger problem than him letting his keys leak.

  • tehdiplomat
    +2

    Also, this isn't a Visual Studio bug, it's an extension for GitHub in VS bug, as the update now suggests.

Here are some other snaps you may like...