We’ve been seeing a lot of Python-related security issues of late, including the leaking of secrets. When Python developer Tom Forbes of London heard that Infosys had leaked their AWS keys, he was intrigued. The leaked key was not just any AWS key: it provided full admin access, and it had been exposed for over a year. Tom wanted to know how many other valid AWS keys were present on the Python Package Index. He wrote a script to scan every published Python release and found 57 valid access keys from a bunch of organisations, including Amazon themselves! His article describes how he did the scan, along with his analysis of the leaked keys. He found that some of those leaked keys are claimed to be intentional, for legitimate uses.
https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/
This segment was created for the It’s 5:05 podcast