logo
welcome
About us
Newsletter
News Widget
Media Inquiries

Summary

Security Researcher Finds Developer Secrets

This is a Nebraska news story, published by Wired, that relates primarily to Bill Demirkapi news.

Nebraska news

For more Nebraska news, you can click here:

more Nebraska news

Bill Demirkapi news

For more Bill Demirkapi news, you can click here:

more Bill Demirkapi news

News about Ai research

For more Ai research news, you can click here:

more Ai research news

Wired news

For more news from Wired, you can click here:

more news from Wired

About the Otherweb

Otherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like this article about Ai research, you might also like this article about

developer secrets

. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest data breaches news, cloud provider secrets news, news about Ai research, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!

independent security researcher Bill Demirkapi
Wired

Wired

Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All

Wired
Summary
Nutrition label

75% Informative

Security researcher Bill Demirkapi has been building ways to tap into huge data sources, which are often overlooked by researchers, to find masses of security problems.

Among at least 15,000 developer secrets hard-coded into software, he found hundreds of username and password details linked to Nebraska ’s Supreme Court and its IT systems.

He also found 66,000 websites with dangling subdomain issues, making them vulnerable to various attacks including hijacking.

Dangling domains can be impersonated, used to deploy malware or phishing pages, steal cookies, and more.

Palo Alto Networks says tens of thousands of dangling records are exposed at any one time.

The researcher says by starting with dangling cloud resources instead of looking for issues with specific domain or set of domains allows for issues to be discovered systematically.

VR Score

65

Informative language

57

Neutral language

66

Article tone

semi-formal

Language

English

Language complexity

68

Offensive language

not offensive

Hate speech

not hateful

Attention-grabbing headline

not detected

Known propaganda techniques

not detected

Time-value

medium-lived

External references

10

https://web.archive.org/web/20230330043732/https://intl.prd.nytimes.com/2023/03/29/us-declares-war-against-russia-amid-escalating-tension.htmlhttps://docs.github.com/en/code-security/secret-scanning/about-secret-scanninghttps://billdemirkapi.me/https://unit42.paloaltonetworks.com/dangling-domains/https://learn.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeoverhttps://lixiang521.com/publication/sigmetrics23/https://docs.github.com/en/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-programhttps://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdfhttps://www.helpnetsecurity.com/2024/06/27/gitleaks-open-source-solution-detecting-secrets-in-code/https://virustotal.readme.io/docs/retrohunt

Source diversity

9

web.archive.orgdocs.github.combilldemirkapi.meunit42.paloaltonetworks.comlearn.microsoft.comlixiang521.comwww.ndss-symposium.orgwww.helpnetsecurity.comvirustotal.readme.io

Affiliate links

no affiliate links

Read full article