Adobe suffered at a minimum a PR black eye on Friday when one of its private PGP keys was inadvertently published to its Product Incident Security Response Team (PSIRT) blog.
The company’s public and private key pair were published together, both of which could be used to either decrypt messages sent to Adobe PSIRT, or sign messages purporting to be Adobe PSIRT.
The risks posed by this leak, such as stealing private messages or carrying out a phishing attack, were lessened by a number of factors.
Leave a reply
