In association with heise online

08 March 2013, 15:18

Lost+Found: PGP verification, cash for Bitcoins, unsafe API keys

Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar this week: PGP verification, Java 0-days, Bitcoins for cash, default logins, API keys, and keyboards with card readers.


  • From our "insult to injury" category: some security specialists now say that JAVA is an acronym for "Just Another Vulnerability Announcement", while others think that using Java in Pwn2Own exploits is "like doping in cycling".

  • Companies use display boards that say "No accidents reported for XYZ days" on their shop floors. A similar thing now exists for Java. At the moment, even a two-digit figure would probably be a reason to celebrate for Oracle.

  • Bitcoins can nowadays be used to buy almost anything – even cash. The sellers don't retain their recipients' personal details and only send out legitimate notes. At least that's what they say.

  • It's not a good idea to run web applications with default logins. Everyone should be clear on this – after looking through the Web Application Defaults DB, if not before.

  • Incidentally, a similarly bad idea is to place source code that contains private Google API keys on GitHub.

  • And while we're on the subject: one should also refrain from testing magnetic card readers that connect to a system as a USB keyboard in public chat rooms.

  • And don't forget to check the alt-text on that xkcd strip at the start of this week's Lost+Found.

Version: GnuPG v1.4.8

