Security News > 2021 > November > Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

Github cookie leakage – thousands of Firefox cookie files uploaded by mistake
2021-11-18 22:20

Two years ago, we wrote about the fact that incautious software developers had uploaded hundreds of thousands of private access control keys, entirely unintentionally, along with source code files that they did intend to make public.

Blindly packaging all these files into an archive for uploading to your favourite public repository seems pretty harmless, given that all the files in the lua account are supposed to be public.

A typical Unix or Linux computer will have hundreds or thousands of hidden files in any busy user's directory tree, and while only a few of these are as critical as your SSH keys, there many be hundreds, or even thousands, of hidden files that reveal vital secret information about you, your accounts, or your online activities.

Well, reporters over at UK IT news site El Reg, officially The Register, today wrote up a warning that they received from a reader who had just noticed that thousands of copies of Firefox browser cookie files, called cookies.

We didn't dig too deeply into the files that showed up, even though they're now a matter of public record, because we suspect that none of the users who had uploaded them intended to do so.

What to do? When you're uploading files for public use, make absolutely certain which files you've included in your bundle.


News URL

https://nakedsecurity.sophos.com/2021/11/18/github-cookie-leakage-thousands-of-firefox-cookie-files-uploaded-by-mistake/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 2 45 29 19 95