"Alex"
“Alex” (mangopdf) has hacked their employer an unspecified number of times Red Teaming, committing metaphorical crimes and writing really really detailed confession letters. Once they found former Australian Prime Minister Tony Abbott’s passport number using Google Chrome, talked to him on the phone about it, and did not get arrested. They just started mangopdf Communication, a legitimate business in which they teach security people how to present and write in a way that non-security people understand.
On the side, they organise purplecon, a gentle, pastel, inclusive security conference, but it’s unclear whether the whole thing is like a joke, or what.
More "Alex" content, blog posts, and past conference talk recordings: https://mango.pdf.zone.
Session
“Wait hang on if everyone’s vibe coding I bet they’re accidentally leaking soooooo many API keys like, publicly. And they don’t even know”, is what I thought one day.
“But how bad is it?” I had to know, so I tried scanning newly registered domain names every day.
This talk is the story of how I found myself drowning in poor vibe coders’ diverse selection of API keys, and, um, how anyone could 😳. I tried to measure how easy it was to find actual, valid API keys on new, presumably vibe coded websites.
I have, in my travels, calculated various numbers, such as the average time it takes for a valid API key to be leaked after a domain is registered. There will be a thrilling analysis of today’s results, so please nobody vibe code too hard the day before.