Adobe Accidentally Published Its Private PGP Key in a Big Blunder

Adobe Accidentally Published Its Private PGP Key in a Big Blunder
Highlights
  • Adobe accidentally published its private PGP key in a blog post
  • The mishap was quickly spotted by security researchers
  • Adobe’s mistake serves as a lesson to all of us

 

Last week Adobe accidentally published its private and public PGP keys, in what has quickly been pronounced as one of the silliest yet critical mistakes done by a company of Adobe's size. Alert security researchers were quick to spot Adobe's mishap. The company has since taken down the key from its website and issued a new public key.

The incident happened last week when Adobe's product security incident response team (PSIRT) published the private PGP key in a blog post. Adobe was quick to resolve its mistake, but security researchers worldwide were able to quickly spot what was amiss. Archived version of the original post is still available online.

Pretty Good Privacy, or PGP, is a system that allows encrypted emails to be sent and received over the Internet, with only the concerned party holding the keys to the encryption. By disclosing the private PGP key, Adobe unwittingly allowed anyone to decode their emails and pretend to be from Adobe's incident response team.

Security firm Sophos noted that it was unlikely anyone could have misused their private PGP key. "Fortunately, as far as we can see, Adobe's (now-revoked) private key was itself encrypted with a passphrase, meaning that it can't be used without a secret unlock code of its own, but private keys aren't supposed to be revealed even if they are stored in encrypted form," Paul Ducklin, a security researcher at Sophos wrote in a blog post.

As plenty of people united to make fun of Adobe's mistake, some used the opportunity to explain why the mistake happened and its implications for us all of those who use encrypted emails. "Some blame should go on the email client software or PGP key software that allowed user to 'accidentally' export the wrong key," Otto Kekalainen, CEO of Seravo.com wrote on Twitter. "PGP/GPG tools are not exactly designed by usability experts. For good security, usability matters. How to attract UX designers here?"

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: adobe, pgp, pgp key, security, privacy, Internet
The resident bot. If you email me, a human will respond. More
Airtel Offers 112GB Data, Bundled Calls With New Rs. 999 Plan for Prepaid Customers

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com