* Moderate Cybersecurity Concern
@ 2025-08-29 14:17 ball drinker
2025-08-29 14:48 ` Alyssa Ross
0 siblings, 1 reply; 2+ messages in thread
From: ball drinker @ 2025-08-29 14:17 UTC (permalink / raw)
To: devel
[-- Attachment #1.1: Type: text/plain, Size: 561 bytes --]
Salutations --
I write not as another spammer talking of riches and fame but as a
concerned cybersecurity student aspiring to be a graduate.
YOUR OPENSSH PRIVATE KEY WAS COMPROMISED IN A GOOGLE DORK IN CASE YOU WERE
NOT AWARE!
I figure that now that the important part was stated, I should share some
proof of it.
Attached will be a series of two (2) images. These were stumbled across
while I was completing an assignment for my college course.
I only wanted to share the information with you considering I figured it'd
be pertinent for something like this.
[-- Attachment #1.2: Type: text/html, Size: 687 bytes --]
[-- Attachment #2: Evidence4.png --]
[-- Type: image/png, Size: 35228 bytes --]
[-- Attachment #3: Evidence5.png --]
[-- Type: image/png, Size: 19027 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Moderate Cybersecurity Concern
2025-08-29 14:17 Moderate Cybersecurity Concern ball drinker
@ 2025-08-29 14:48 ` Alyssa Ross
0 siblings, 0 replies; 2+ messages in thread
From: Alyssa Ross @ 2025-08-29 14:48 UTC (permalink / raw)
To: ball drinker; +Cc: devel
[-- Attachment #1: Type: text/plain, Size: 1547 bytes --]
ball drinker <bipperdipper0@gmail.com> writes:
> Salutations --
> I write not as another spammer talking of riches and fame but as a
> concerned cybersecurity student aspiring to be a graduate.
>
> YOUR OPENSSH PRIVATE KEY WAS COMPROMISED IN A GOOGLE DORK IN CASE YOU WERE
> NOT AWARE!
> I figure that now that the important part was stated, I should share some
> proof of it.
> Attached will be a series of two (2) images. These were stumbled across
> while I was completing an assignment for my college course.
>
> I only wanted to share the information with you considering I figured it'd
> be pertinent for something like this.
Hi, thanks for your concern, but this is not an issue.
Note that the key you have found is inside a directory called "tests" in
Nixpkgs, and is named "snake oil". It is a test fixture, not a key that
controls access to anything outside of that test. I imagine by now
you'll have found that this key exists in many places across the web,
wherever there are copies of Nixpkgs.
The enthusiasm is nice, but please make sure to check thoroughly before
reporting security issues — not every instance of a pattern is
automatically an issue, and if it looks like you haven't done this
checking, your reports are likely to be seen as spam after all.
Maintainers are frequently burdened with people submitting reports from
automated security scanners that are not identifying real issues, and
are quite likely to filter out anything that looks like that.
Good luck with your course!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-08-29 14:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-29 14:17 Moderate Cybersecurity Concern ball drinker
2025-08-29 14:48 ` Alyssa Ross
Code repositories for project(s) associated with this public inbox
https://spectrum-os.org/git/crosvm
https://spectrum-os.org/git/doc
https://spectrum-os.org/git/mktuntap
https://spectrum-os.org/git/nixpkgs
https://spectrum-os.org/git/spectrum
https://spectrum-os.org/git/ucspi-vsock
https://spectrum-os.org/git/www
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).