Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com)

← Back to Stories (view on slashdot.org)

Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com)

Posted by BeauHD on Friday September 22, 2017 @10:00AM from the whoopsie-daisy dept.

A member of Adobe's Product Security Incident Response Team (PSIRT) accidentally posted the PGP keys for PSIRT's email account -- both the public and the private keys. According to Ars Technica, "the keys have since been taken down, and a new public key has been posted in its stead." From the report: The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen. Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account. To be fair to Adobe, PGP security is harder than it should be. What obviously happened is that a PSIRT team member exported a text file from PSIRT's shared webmail account using Mailvelope, the Chrome and Firefox browser extension, to add to the team's blog. But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file. Then, without realizing the error, the text file was cut/pasted directly to Adobe's PSIRT blog.

40 of 60 comments (clear)

Min score:

Reason:

Sort:

Impossible! by fuzzyfuzzyfungus · 2017-09-22 10:08 · Score: 4, Funny

This article is clearly a lie. How can a mythological entity have a PGP key?
Revocation by jimprdx · 2017-09-22 10:09 · Score: 2

But they can revoke it, can't they? An embarrassing screw-up, but no harm done. It's not as if the Adobe security team's credibility was particularly stellar to begin with... :)
1. Re:Revocation by gwolf · 2017-09-22 18:53 · Score: 1
  
  Of course - You can revoke it as well. Everybody that holds both the private and the public parts can issue a revocation certificate!
  (and somebody has... Lets assume it was Adobe!)
2. Re:Revocation by thsths · 2017-09-22 23:55 · Score: 2
  
  Yes, but even then, people can decrypt emails previous send to Adobe, right?
How the hell?!?!? by Aethedor · 2017-09-22 10:11 · Score: 1

How the hell did their PGP key even end up on their webserver?!?!?

--
It doesn't have to be like this. All we need to do is make sure we keep talking.
1. Re:How the hell?!?!? by vux984 · 2017-09-22 10:17 · Score: 3, Informative
  
  How the hell did their PGP key even end up on their webserver?!?!?
  The summary was all of 7 sentences; 3 of them were dedicated to the answer to this very question.
2. Re:How the hell?!?!? by rholtzjr · 2017-09-22 10:21 · Score: 1
  
  PEBKAC (Problem Exists Between Keyboard and Chair)
In the Near Future ... by Archangel+Michael · 2017-09-22 10:27 · Score: 2

We will stop seeing these kinds of articles, since it is a daily occurrence, and just assume someone somewhere was hacked in a major data breach.

--
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
1. Re:In the Near Future ... by jellomizer · 2017-09-22 10:40 · Score: 2
  
  At some point I hope there will be major fines against companies that got hacked in a preventable way. And also hopefully more effort to track down the hackers who do the harm and give them 1 volt shock for every mega byte they had stolen.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
2. Re:In the Near Future ... by grep+-v+'.*'+* · 2017-09-22 14:24 · Score: 1
  
  give them 1 volt shock for every mega byte they had stolen.
  I agree with your sentiment, but you've got the wrong idea which is bad for making laws. Even the dictionary only hints at it -- take (another person's property) without permission or legal right and without intending to return it.
  
  Now they don't intend to return it, but that's because it hasn't gone anywhere. The bits are still located exactly where they're supposed to be.
  
  "Return it" indicates a uniqueness, to wit a physical item that the owner is deprived of and needs for it to be returned to make the owner whole again. Bits here ain't no such animal -- somehow someone duplicated a set of bits that was located on someone's computer.
  
  If I break into your house, use my Star Trek replicator to physically duplicate Every Single Item in there, then lick it while putting it back exactly where it was originally, have I stolen anything? No, although you should invest in an entire pallet of paper towels and could get me arrested on a "breaking and entering" charge. You couldn't point to anything that's not there before (besides saliva) so seems it would be hard to have me arrested for stealing even though I built an exact duplicate of your house and placed it next door, with the same creaky floors, flickering lights, and an overflowing trash can under that horrible Velvet Elvis that's on your wall.
  
  "Stealing" is generically correct since someone has access to things they didn't before, but to implement laws we need to be much more exact. And is your MB measurement in MB or MiB? What about compression? qbits? Does XML overhead count? What if it's fixed length records and 99% of it is spaces?
  
  You're going to zap someone to death for copying spaces?? And do you zap the poor slob on the actual keyboard, or his boss who's handed the data on a floppy? Heck, what if someone just pushed GO and a software package connected to available servers, collected what it could, filtered out the junk, and created and sold the data on eBay?
  
  No, really, you COULD set that up where "all" you did was press Go and the background agents did everything else. It needs some setup work on the front-end, but that could really have been an "innocent" person.
  
  Personally, I'm for keeping it nice and easy -- (1 Volt per Second) per Byte for the offender, their family and friends AND computers. Cloud Service vendors gets 10% of the penalty because they should have been watching what you were doing, while Facebook gets 90% of that -- because they're Facebook, not that they were involved. THAT just makes it worse.
  
  --
  If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
There is no security so long as... by TheZeitgeist · 2017-09-22 10:29 · Score: 2

...humanities majors keep getting IT security jobs. No such thing as foolproof if a fool does the proofing.
1. Re: There is no security so long as... by TheZeitgeist · 2017-09-22 10:56 · Score: 1
  
  Oh, I don't know about that. Math is hard, but not for everybody, and certainly not for females the likes of a Lisa Meitner or Emily Noether...those calls can math me up all day long any time they want.
"PGP security is harder than it should be." by david.emery · 2017-09-22 10:35 · Score: 1

That's a key point and a key contributor to Internet insecurity. One could argue that, to make it 'perfect', the designers of PKI have made it unusable by the average user. And the OS vendors (Microsoft, Apple and Linux community) have not helped. Nor have the purveyors of PKI credentials, again to make trust "absolute", the cost and 'annoyance overhead' makes getting your own key too difficult for anyone short of a fully qualified IT department with PKI expertise.
1. Re:"PGP security is harder than it should be." by gweihir · 2017-09-22 11:18 · Score: 3, Insightful
  
  Actually, it is not. Just as with the functioning of a house-key, there is a minimal understanding that is required for public-key crypto, or security will not be provided. Yes, that means many people cannot have secure encryption. That is just the way things are. Wishing things to be different does not change them.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
2. Re:"PGP security is harder than it should be." by thsths · 2017-09-22 23:59 · Score: 1
  
  Basic, yes, but not easy. The whole terminology is quite obscure, starting with "public and private key". Only the private key is a key in the usual sense of the word, in that it opens things. The public key is more like a container or envelop, and should have never been called key. And PGP suffers from a complete lack of usability design throughout.
  Arguably the expected usability cannot be achieved in a decentralised serverless system.
3. Re:"PGP security is harder than it should be." by gweihir · 2017-09-23 01:39 · Score: 1
  
  The "computers are easy" statements come from marketing. They have no basis in reality. We all spend several years learning how to read and write. My estimate is that about the same amount of learning and time is needed to use computers competently. Most people are unwilling to spend that time and will stay on low amateur level. Eventually, it will have to become a major subject in school, because the cost of not doing that is just far too high. At the moment tings are still moving too fast for that though.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
4. Re:"PGP security is harder than it should be." by gweihir · 2017-09-23 10:11 · Score: 1
  
  I did not claim things were moving "forward". It is more like "moving in spirals" (with circles you would at least get back to a sane state one in a while). I pretty much agree with you.
  The problem is that each new "OS" needs a different UI, each new phone needs one, etc. for marketing purposes to give the appearance of "new" and trigger an unwarranted association of "better". Until that quiets down, it does not make much sense teaching this in school, as people will associate UI elements with actual functionality and UI changes will make that "knowledge" useless.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
UI failure by Anonymous Coward · 2017-09-22 10:37 · Score: 4, Insightful

As much as I hate Adobe and most of their shitware, I don't think it's fair to totally fault the poor person who did this.

But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file.
If a mistake of this magnitude is a single misclick away from happening - something that's really easy to do in a moment's careless mistake of the type EVERYONE has - something is broken with that UI.
There should be warnings in red you have to override with an explicit and nontrivial action.
1. Re:UI failure by dgatwood · 2017-09-22 11:07 · Score: 1
  
  There shouldn't even be UI for such a risky action. If you need the private key, you should have to hunt for the file on the hard drive, double-click it, and open it in a text editor. Doing the right thing should be easy, and doing the wrong thing should be hard.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
2. Re:UI failure by gweihir · 2017-09-22 11:28 · Score: 1
  
  Actually, if the private key is protected by a good passphrase, this operation is not risky at all.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
3. Re:UI failure by dgatwood · 2017-09-22 11:34 · Score: 1
  
  If by "not risky", you mean "able to survive local brute-forcing by a massive botnet", then you have more faith in passphrases—even good passphrases—than I do.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
4. Re:UI failure by gweihir · 2017-09-22 12:03 · Score: 1
  
  No, I just do understand how this works.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
5. Re:UI failure by Khyber · 2017-09-22 12:47 · Score: 1
  
  Son, your understanding is laughed at by todays technology.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
6. Re:UI failure by gweihir · 2017-09-23 01:45 · Score: 1
  
  I find it fascinating how anybody that does not have a solid grounding in crypto feels competent to comment on what crypto can do and what it cannot do. Of course, the statements made by such people are routinely wayyyyy off. That is one reason why people like me charge a high consulting fee when making such statements professionally, because it makes it more likely that the customer (who does not understand what is going on, just like you) actually listens.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
7. Re:UI failure by dgatwood · 2017-09-23 05:05 · Score: 1
  
  The funny thing is that I've implemented crypto algorithms. I'm intimately familiar with what they can and can't do. The largest botnet to date was a couple of million devices. Within five years, we'll likely have at least one that crests the ten-million-device mark. Depending on the speed of those devices (and whether they have hardware-assisted crypto support), that could easily mean on the order of a trillion cracking attempts per second or more.
  Assuming a passphrase contains only the 95 printable ASCII characters, an eight-character passphrase would take about 1.8 hours even without any sort of dictionary words. A ten-character random passphrase would take only about 1.9 years. Worse, that's for actual random line noise passwords, which are pretty unlikely in practice. If you assume that they probably picked a combination of dictionary words and l33t-ed versions of those words, cracking it becomes almost a trivial problem with a sufficiently large botnet unless the passphrase is truly enormous.
  So again, why do you think a strong passphrase is adequate to protect a crypto key? I'm not saying it doesn't slow down an attacker, but a compromised crypto key—even one protected by a strong, highly random passphrase—should still be immediately revoked. To do otherwise would be reckless and irresponsible. The cost of a mistake is large, and the cost of a revocation is small.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
Not a pattern by ebonum · 2017-09-22 10:51 · Score: 1

Adobe has such a long history of putting security first and demonstrating security best practices! How could this sort of thing happen? Or is it because a typical Adobe employee doesn't know the difference between private key and a hole in the ground.
With or without good passphrase protection? by gweihir · 2017-09-22 11:15 · Score: 2

Because if a good passphrase is used, then this is a complete non-issue.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
1. Re:With or without good passphrase protection? by Khyber · 2017-09-22 12:48 · Score: 1
  
  My passphrase SUPPOSEDLY would take a few billion years to crack.
  It took less than 20 minutes for a server farm to crack my password.
  Try again when you aren't 30 years behind the times in terms of technology.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
2. Re:With or without good passphrase protection? by kriston · 2017-09-22 18:52 · Score: 1
  
  If the key is old enough, and if it were properly encrypted, that private key was encrypted using IDEA. Arguably it would still be secure with negligible risk according to https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm#Security
  
  --
  Kriston
3. Re:With or without good passphrase protection? by gweihir · 2017-09-23 01:47 · Score: 1
  
  The security of your "passphrase" is pretty irrelevant when attacking your "password". Are you sure you do understand what happened there?
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
4. Re:With or without good passphrase protection? by gweihir · 2017-09-23 01:53 · Score: 1
  
  Indeed. The other question is what the substance of the "billion year" estimate actually was. This estimate was likely faulty, which is easy to do when you have no clue how things work. For example, estimate the passphrase at 1.5bit/char of entropy, get, say, 150 bit, but then hash it down to 64 bit. That makes attacking the hash directly a lot easier. Or do one of the cardinal sins and use a phrase that is publicly known, like a citation form a book.
  "20 minutes on a server farm" does sound a lot like somebody screwed pretty badly, including in the "billion year" estimate.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
5. Re:With or without good passphrase protection? by gweihir · 2017-09-23 01:54 · Score: 1
  
  IDEA is not supported by modern PGP implementations anymore, AFAIK. Maybe some commercial ones still do it though.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
6. Re:With or without good passphrase protection? by CronoCloud · 2017-09-23 05:23 · Score: 1
  
  gpg --version
  gpg (GnuPG) 1.4.22
  Copyright (C) 2015 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  Home: ~/.gnupg
  Supported algorithms:
  Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
  Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
  CAMELLIA128, CAMELLIA192, CAMELLIA256
  Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
  Compression: Uncompressed, ZIP, ZLIB, BZIP2
  gpg2 --version
  gpg (GnuPG) 2.1.13
  libgcrypt 1.7.8
  Copyright (C) 2016 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  Home: ~/.gnupg
  Supported algorithms:
  Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
  Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
  CAMELLIA128, CAMELLIA192, CAMELLIA256
  Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
  Compression: Uncompressed, ZIP, ZLIB, BZIP2
7. Re:With or without good passphrase protection? by gweihir · 2017-09-23 10:03 · Score: 1
  
  I see. So they put it back in. The patent has probably expired by now. Using it is not a good idea though.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
8. Re:With or without good passphrase protection? by tlhIngan · 2017-09-25 04:48 · Score: 1
  
  "20 minutes on a server farm" does sound a lot like somebody screwed pretty badly, including in the "billion year" estimate.
  Password crackers have gotten a lot smarter the past few years. Forcing use of numbers, upper case, and symbols doesn't actually increase the search space all that much anymore if you have humans generating passwords (i.e., it's not random line noise).
  A modern password cracker will take a dictionary word, then apply common transformations to it to generate a test. "password" will then generate a list like "pa55word", "pa55w0rd", "passw0rd", "p4ssword", etc. for random l33t-ification, it will also try "Password" and "PASSWORD" (and the l33t combinations thereof), then add a number at the end, e.g. "password0" (and various capitalizations).
  The end result is a single dictionary word may generate say, 100-200 extra combinations - much less than the theoretical increase caused by adding capitals, numbers and symbols to the search space.
  It's possible to generalize this to pass phrases as well, though the dictionary may be a bit larger, the search space is probably a lot smaller since it's unlikely to include mis-spelt words or random l33t replacements.
  Applying trivial transforms really only works to satisfy the oddball password requirements - it really doesn't increase security all that much.
Poof by jonnythan · 2017-09-22 11:39 · Score: 3, Insightful

And just like that, all email ever encrypted with that key is subject to decryption.
No! by higuita · 2017-09-22 14:25 · Score: 1

gpg is not that hard, the true is that mailvelop is shit ... export public key is a common task... exporting the private key do not, so it should be in a totally different place with a proper warning
also google, yahoo, ms, etc should include support for gpg in their webmail ... gpg looks hard because most tools do not support it. integrate then and things will be easier

--
Higuita
1. Re:No! by CronoCloud · 2017-09-23 05:25 · Score: 1
  
  also google, yahoo, ms, etc should include support for gpg in their webmail ..
  You can already use gpg with webmail if you use a proper mail client over IMAP. I've done it for years.
2. Re:No! by higuita · 2017-09-24 02:12 · Score: 1
  
  that is what i do.. but most people that uses gmail and friends only use the webmail or in worst case, the phone app ... neither have gpg support
  
  --
  Higuita
3. Re:No! by CronoCloud · 2017-09-24 02:58 · Score: 1
  
  It is even possible to use Pgp on your phone. I use Gmail IMAP via k9 mail with openpgp.