Tuesday, October 28, 2014

Do Not Leave Those Naked Pictures of Yourself on Github

One of the not-so-entertaining results of our civilization's obsession with computing and cash is the "fuck our customers we don't care" approach taken by the consumer electronics and computing industry towards such things as systems administration, backup administration and security administration and its impact on our lives.  Now we are all forced to take on these dreary sub-specialties or face one of many horrible fates that this technology mania has brought down upon us: the wiped disk, the non-working backup, the zombie computer used by Chinese or Russian spies, or worse, the "hactivist" holier-than-thou swine ready to exploit your assets to mine Bitcoin or some other juvenile and anti-social goal for their self-appointed crusade.   We are all now responsible for these and many other tasks and woe unto those of you who think you are above such things for then your sins as documented by your iPhone will appear on social media and there you will be, in full color, engaging in some drunken bisexual orgy as an undergraduate for everyone to see just as you are running for your first political office or other responsible position.

Be warned, if you wish to avoid this or some other horrible fate, there are a few hundred things you need to pay attention to at any one time, although that list is a moving target. You have to know enough to keep yourself out of trouble.  No one else will do this for you. 

Many of us use Github as a repository for source code for our projects and collaborations. In the past I have used it off and on, but these days I use it more or less 7/24. As part of your repository, one could keep security strings that give access to various other resources that exist out there, such as the Amazon cloud. A friend did just that and forgot about it. Although he certainly knew better a few years later he made that repository public (it was either that or delete it, he wasn't working on that particular idea anymore).

Well his repository contained security information for his cloud account on Amazon which he also wasn't actively using and some hackers grabbed it and ran up a bill in the many 10s of thousands of dollars per day. Amazon.com caught it nearly immediately and my friend will not be liable for most of this bill, hopefully not any of it.

My friend is beating himself up because of course he knew better. He does know better, by the way. Don't let this happen to you. He suggests reading the following discussion on these issues to learn how to keep passwords out of your Git repository.

Never forget it's a jungle out there and that, generally speaking, people are scum.

No comments:

Post a Comment