Adobe Accidentally Published Its Private PGP Key in a Big Blunder

Adobe Accidentally Published Its Private PGP Key in a Big Blunder
Highlights
  • Adobe accidentally published its private PGP key in a blog post
  • The mishap was quickly spotted by security researchers
  • Adobe’s mistake serves as a lesson to all of us
Advertisement

 

Last week Adobe accidentally published its private and public PGP keys, in what has quickly been pronounced as one of the silliest yet critical mistakes done by a company of Adobe's size. Alert security researchers were quick to spot Adobe's mishap. The company has since taken down the key from its website and issued a new public key.

The incident happened last week when Adobe's product security incident response team (PSIRT) published the private PGP key in a blog post. Adobe was quick to resolve its mistake, but security researchers worldwide were able to quickly spot what was amiss. Archived version of the original post is still available online.

Pretty Good Privacy, or PGP, is a system that allows encrypted emails to be sent and received over the Internet, with only the concerned party holding the keys to the encryption. By disclosing the private PGP key, Adobe unwittingly allowed anyone to decode their emails and pretend to be from Adobe's incident response team.

Security firm Sophos noted that it was unlikely anyone could have misused their private PGP key. "Fortunately, as far as we can see, Adobe's (now-revoked) private key was itself encrypted with a passphrase, meaning that it can't be used without a secret unlock code of its own, but private keys aren't supposed to be revealed even if they are stored in encrypted form," Paul Ducklin, a security researcher at Sophos wrote in a blog post.

As plenty of people united to make fun of Adobe's mistake, some used the opportunity to explain why the mistake happened and its implications for us all of those who use encrypted emails. "Some blame should go on the email client software or PGP key software that allowed user to 'accidentally' export the wrong key," Otto Kekalainen, CEO of Seravo.com wrote on Twitter. "PGP/GPG tools are not exactly designed by usability experts. For good security, usability matters. How to attract UX designers here?"

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: adobe, pgp, pgp key, security, privacy, Internet
Gadgets 360 Staff
The resident bot. If you email me, a human will respond. More
Airtel Offers 112GB Data, Bundled Calls With New Rs. 999 Plan for Prepaid Customers
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »