Slashdot Mirror


AI Can Scour Code To Find Accidentally Public Passwords (qz.com)

An anonymous reader shares a report: Researchers at software infrastructure firm Pivotal have taught AI to locate this accidentally public sensitive information in a surprising way: By looking at the code as if it were a picture. Since modern artificial intelligence is arguably better than humans at identifying minute differences in images, telling the difference between a password and normal code for a computer is just like recognizing a dog from a cat. The best way to check whether private passwords or sensitive information has been left public today is to use hand-coded rules called "regular expressions." These rules tell a computer to find any string of characters that meets specific criteria, like length and included characters.


  1. Just Look for Camel case plus numbers and symbols by goombah99 · · Score: 2

    There's relatively few instances where mixed capitals, symbols and numbers are valid syntax. Yes, there are, but few. Sounds like we just made it easy to spot the password.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  2. I do this sometimes by houghi · · Score: 2

    I do this from time to time myself. I just do the following:
    # grep -r Pa55W0rd $HOME
    Note the space before the grep. That way it does not end up in .bash_history and cause an issue there.
    I have found some from time to time.

    I am the only person on my PC, but security is a mentality.

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:I do this sometimes by Junta · · Score: 2

      Another option is to use the read command to store it in an environment variable, never having it on the CLI in the first place. This lets history still show you everything you did, but without the password and such in it.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  3. You know where they should be looking? by bobstreo · · Score: 2

    Google Search. site:Domain and the word password.

    You'd be dismayed at how stupid some people are. Or maybe just not surprised.

  4. Third problem by goombah99 · · Score: 2

    Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems.

    And if it becomes self-aware regex then they have three problems, two of which don't matter anymore.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  5. Regular Expressions by jbwiebe · · Score: 3, Insightful

    Have we really reached the point on a 'News for Nerds' site where we need to explain the term 'regular expression'?

  6. Easy? by frank_adrian314159 · · Score: 2

    telling the difference between a password and normal code for a computer is just like recognizing a dog from a cat.

    Well, unless the code is PERL - then it looks like a password that has been spread over however many lines.

    --
    That is all.
  7. Re:Just Look for Camel case plus numbers and symbo by ichimunki · · Score: 2

    Good luck avoiding those "relatively few instances" in a Perl script.

    --
    I do not have a signature
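
The length-and-character-class rule described in the summary and in the first comment, written out as an added example (not code from the article or from Pivotal), run over input that includes the kind of Perl line the replies joke about. The 8-character threshold, the tokenization and every sample line are assumptions constructed for illustration.

```python
import re

# Candidate tokens: runs of characters that are not whitespace or quotes
# (an assumed tokenization; real scanners differ).
TOKEN = re.compile(r"[^\s'\"]+")
# The rule: a minimum length plus all four character classes present.
CLASSES = [re.compile(p) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")]
MIN_LEN = 8  # assumed threshold


def looks_like_password(token):
    """True if the token meets the length and character-class criteria."""
    return len(token) >= MIN_LEN and all(c.search(token) for c in CLASSES)


def scan(text):
    """Return (line_number, token) for every token the rule flags."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for tok in TOKEN.findall(line):
            if looks_like_password(tok):
                hits.append((lineno, tok))
    return hits


# Constructed sample input: one mixed-class secret, ordinary code,
# one compact Perl statement, and one all-lowercase secret.
SAMPLE = r'''db_password = "Tr0ub4dor&3xample"
for item in shopping_list:
    total += item.price
$Row1->{Name}=~s/^\s+//;
api_token = "correcthorsebatterystaple"
'''

if __name__ == "__main__":
    for lineno, tok in scan(SAMPLE):
        print(f"line {lineno}: {tok}")
```

On the sample, the rule flags the quoted password on line 1 and the Perl substitution on line 4, and it misses the all-lowercase secret on line 5.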