From: Alyssa Ross <hi@alyssa.is>
To: ball drinker <bipperdipper0@gmail.com>
Cc: devel@spectrum-os.org
Subject: Re: Moderate Cybersecurity Concern
Date: Fri, 29 Aug 2025 16:48:52 +0200 [thread overview]
Message-ID: <87zfbii3or.fsf@alyssa.is> (raw)
In-Reply-To: <CABBJTt_xAybiNWx8StgJt-64J9qy3FkVGGg1F6kcfFXOAqAiBQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1547 bytes --]
ball drinker <bipperdipper0@gmail.com> writes:
> Salutations --
> I write not as another spammer talking of riches and fame but as a
> concerned cybersecurity student aspiring to be a graduate.
>
> YOUR OPENSSH PRIVATE KEY WAS COMPROMISED IN A GOOGLE DORK IN CASE YOU WERE
> NOT AWARE!
> I figure that now that the important part was stated, I should share some
> proof of it.
> Attached will be a series of two (2) images. These were stumbled across
> while I was completing an assignment for my college course.
>
> I only wanted to share the information with you considering I figured it'd
> be pertinent for something like this.
Hi, thanks for your concern, but this is not an issue.
Note that the key you have found is inside a directory called "tests" in
Nixpkgs, and is named "snake oil". It is a test fixture, not a key that
controls access to anything outside of that test. I imagine by now
you'll have found that this key exists in many places across the web,
wherever there are copies of Nixpkgs.
The enthusiasm is nice, but please make sure to check thoroughly before
reporting security issues — not every instance of a pattern is
automatically an issue, and if it looks like you haven't done this
checking, your reports are likely to be seen as spam after all.
Maintainers are frequently burdened with people submitting reports from
automated security scanners that are not identifying real issues, and
are quite likely to filter out anything that looks like that.
Good luck with your course!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
prev parent reply other threads:[~2025-08-29 14:49 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-29 14:17 Moderate Cybersecurity Concern ball drinker
2025-08-29 14:48 ` Alyssa Ross [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zfbii3or.fsf@alyssa.is \
--to=hi@alyssa.is \
--cc=bipperdipper0@gmail.com \
--cc=devel@spectrum-os.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://spectrum-os.org/git/crosvm
https://spectrum-os.org/git/doc
https://spectrum-os.org/git/mktuntap
https://spectrum-os.org/git/nixpkgs
https://spectrum-os.org/git/spectrum
https://spectrum-os.org/git/ucspi-vsock
https://spectrum-os.org/git/www
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).