Are Your Private PGP Keys Being Exposed On Google?

Keeping a secret is the hardest, but yet one of the most important things that you have to do when it comes to today’s internet. There are people from half way around the world that are trying to get to your data so you must make sure that you do everything in your power to stop them. If you do not then you can find yourself with more data exposed to the world then you ever thought would be.

There are several ways that you can protect yourself from having your data exposed on the internet. But before you do that, you must be aware of how it can happen. Too many people that find themselves on the internet on a regular basis are not aware of the true dangers that lurk when they log on. They may think that they can run an antivirus program on their system and that will be good enough. Or they think that they can use a different operating system and that will protect them from all of the troubles on the net. This is not the truth at all.

To make sure that your data stays safe you must be prepared to protect it from several different vectors of attack. You do this by using several different techniques. These techniques include encryption, obfuscation, passwords, usernames, and good old fashioned common sense. That last one is the most important one of all. If you do not have that then all of the other tools will be used in vain.

This may seem complicated but it really is not. You probably already use most of these techniques in your average internet usage and not even know it. For example, you use encryption when you turn on the protection on your wireless router or log into HTTPS based web sites. You use obfuscation, passwords, and usernames when you need to make a new account and you do not make the password something easy to guess. And you use common sense every day by taking a look at the links that are available to you and picking which ones are safe and which ones are not. So as I said earlier, while this may seem complicated, it really is not.

are your private PGP keys being exposed on Google?

are your private PGP keys being exposed on Google?

How it all can go wrong

But even when you are using the tools that are supposed to keep you safe, if they are not built correctly then someone can find a hole and still put you and your data in danger. For example, just recently it has been found out that there is a way that a person’s PGP key can be exposed publicly on the internet for all to see. For those of you who do not know what a PGP key is, it stands for Pretty Good Privacy. It allows you to sign data that you send back and forth so that it is encrypted. This way only the person who is sending the data and the person who is on the other end know what is being sent. This is supposed to be an almost fool proof way of keeping your privacy when sending data but like all things it has a flaw. It turns out that through a simple mistake of someone just leaving a file on an open web server, with the right Google keywords, someone else is able to see the PGP key in a normal Google search. You would think that with exposure like this it would take a master black hat hacker to be able to get this kind of data. Not at all. All it took was someone who was just bored one day to type the right key, voila, instant PGP keys.

At this point you should be asking yourself, if you use encryption or any other kind of protection software, is it properly protected or not? Did you leave any configuration files on your public facing web server? It is mistakes like this that show the flaws in the security software while at the same time showing your flaws as well.

Keeping everything wrapped up

While I have talked about the different types of security measures that you can use to keep your data private earlier in the article, you must make sure that you keep the tools that are protecting you secure as well.

Do not leave the passwords or configuration files for these tools just lying around. They are not going to help protect you if the passwords for these tools are anywhere that anyone can get to them. Also make sure that you use them as instructed. If the software was not meant for a certain purpose and you use it that way, then there is a good chance that it will not protect you. And most of all follow your common sense.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Trackbacks

  1. […] up and out of place. The message will not make any sense to them at all.So as you can see, having PGP installed on your system is a good way to stop the bad guys. You just need to make sure that you keep track of your private […]

Speak Your Mind

*