Corporate Secrets Were Left Exposed. This Guy Found Them All
Bill Demirkapi discovered over 15,000 hardcoded secrets and 66,000 vulnerable websites, highlighting significant security risks and the need for better reporting mechanisms and innovative solutions in cybersecurity.
Independent security researcher Bill Demirkapi has uncovered over 15,000 hardcoded secrets and 66,000 vulnerable websites by mining overlooked data sources. His findings, presented at the Defcon security conference, include sensitive information such as passwords and API keys linked to organizations including Nebraska's Supreme Court and Stanford University. Demirkapi's research highlights the risk posed by hardcoded secrets, which can lead to unauthorized access and data breaches. He used unconventional methods, such as scanning VirusTotal's extensive database, to identify these vulnerabilities at scale. His approach also revealed that many high-profile websites, including those owned by major companies, had dangling subdomains, leaving them susceptible to attacks. While Demirkapi developed methods to revoke some of the exposed secrets, he faced difficulty reporting vulnerabilities to companies such as GitHub and Amazon Web Services, which lack efficient reporting mechanisms. His work emphasizes the need for innovative solutions to security vulnerabilities and suggests that many untapped data sources could still help improve web security.
- Bill Demirkapi found over 15,000 hardcoded secrets and 66,000 vulnerable websites.
- His research revealed significant security risks linked to exposed passwords and API keys.
- Demirkapi utilized unconventional data sources to identify vulnerabilities at scale.
- He faced challenges in reporting issues to major companies due to inadequate reporting systems.
- The findings underscore the importance of innovative approaches to enhance cybersecurity.
Related
Simple ways to find exposed sensitive information
Various methods to find exposed sensitive information are discussed, including search engine dorking, GitHub searches, and PublicWWW for hardcoded API keys. The risks of misconfigured AWS S3 buckets are highlighted, stressing data confidentiality.
Cloudflare reports almost 7% of internet traffic is malicious
Cloudflare's report highlights a 7% increase in malicious internet traffic, linked to global events. Urges prompt vulnerability patching, emphasizes DDoS attacks, API security risks, and the need for proactive defense strategies.
How to pwn a billion dollar VC firm using inspect element
A security researcher found sensitive data from VC firm a16z exposed on their website. Despite the potential risks, a16z didn't offer a bug bounty. The incident stresses the need for responsible disclosure and robust security practices.
Critical vulnerabilities in 6 AWS services disclosed at Black Hat USA
Critical vulnerabilities in six AWS services were disclosed, allowing account takeovers and data manipulation. Researchers highlighted a "Shadow Resources" attack exploiting predictable S3 bucket names. AWS resolved the issues after notification.
Serious flaw in critical applications: Plaintext passwords in process memory
Security experts found a vulnerability in applications like OpenVPN, Bitwarden, and 1Password, allowing plaintext passwords to remain in memory post-logout, posing risks of exploitation by malware.
AWS's response seems muddled. To make sure that "customer credentials [...] belong solely to customers" surely you would typically want an endpoint to revoke exposed secret keys?
If you want to see something scary, look at the fake story Demirkapi managed to post, and note the domain name - actually nytimes.com! (IMPORTANT: The story is not real!)
https://web.archive.org/web/20230330043732/https://intl.prd....
Again, that's not real. But if the hacker tried, lots of people could react long before they realize it.
TL;DR a security researcher found lots of common security issues by using alternative data sources.