S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
2023-02-02 19:50

This is not a breach of the GitHub systems or the GitHub infrastructure or how GitHub stores files - it's just that, of GitHub's own code on GitHub, some of the stuff that was supposed to be private got downloaded.

In the end, GitHub found, I think, that there are only three stolen certificates that were actually still valid, in other words, that crooks could actually use for signing anything.

So GitHub has said to Apple, "Watch out for anything that comes along that's signed with that."

Of course, there's a minor side-effect here, and that is that if you're using the GitHub Desktop product, or if you're still using the Atom editor, then essentially GitHub is revoking signing keys *for their own apps*.

It's another bad look for GitHub that included in the breach were code-signing certificates.

It's a good look for GitHub, by the way, how they managed those certificates.


News URL

https://nakedsecurity.sophos.com/2023/02/02/s3-ep120-when-dud-crypto-simply-wont-let-go-audio-text/