In spectacular fail, Adobe security team posts private PGP key on blog

Sean Gallagher

from Ars Technica - All content on 2017-09-22 20:37 (#32YQG)

Screen-Shot-2017-09-22-at-3.57.40-PM-800

Enlarge / Um, yes, that was Adobe PSIRT's private PGP key on their website. Best get their new public key.

Having some transparency about security problems with software is great, but Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT's e-mail account-both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.

The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen:

Oh shit Adobe pic.twitter.com/7rDL3LWVVz
- Juho Nurminen (@jupenur) September 22, 2017

Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account.

Read 4 remaining paragraphs | Comments

index?i=oar1wtFGWxg:xq2S9aVBy28:V_sGLiPB

index?i=oar1wtFGWxg:xq2S9aVBy28:F7zBnMyn

Source	RSS or Atom Feed
Feed Location	http://feeds.arstechnica.com/arstechnica/index
Feed Title	Ars Technica - All content
Feed Link	https://arstechnica.com/