hanno

This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

RE: @TimPhSchaefers@chaos.social

Aus Fehlern lernen, so unterschätztes Konzept...
@TimPhSchaefers@chaos.social@mastodon.social

German ministry renames itself, domain expires, is bought by SEO-spammer, expires again, is bought by domain grabber, then later bought by itsec company who now learns that apparently plenty of internal systems of the ministry still try to connect to the domain...
I don't even know where to start how terrible that is and what it tells us about government IT security practices...
https://mint-secure.de/bundesdomain-im-blindflug-dns-leaks-und-ein-jahrzehnt-it-nachlaessigkeit/
@TimPhSchaefers@chaos.social good work!