In spectacular fail, Adobe security team posts private PGP key on blog

Having some transparency about security problems with software is great, but Adobe’s Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT’s e-mail account—both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.

The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen:

Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account.

Read 4 remaining paragraphs | Comments

Leave a Reply

Read the original at Ars Technica.