by jasonallen 3482 days ago
I'm always amazed at how efficient AWS is at detecting private keys on the internet (checked into GitHub, etc.), and then proactively locking down accounts. I wonder how long it will be until we see a similar service from consumer accounts, like GitHub or Twitter. Seems like "have I been pwned" might offer a commercial API for such benefit...
2 comments

If the bots can find the API keys then Amazon can just run their own bots.
HIBP is simply a database of email addresses that have been associated with leaks. I don't see how that would help him identify private keys.
Well AFAIK Twitter doesn't give users keypairs, so I think they meant do the same with leaked credentials.
Yeah, that's what I mean. Provide a service that reports back leaked working credentials so that the service provider can lock down the account.