19.04.2024

New Tool Will Find Secrets in Your Public Code

Shhgit is more public about these secrets: it offers a front-end that simply displays them as they appear on GitHub. This means hackers could watch it for potential places to exploit. But it also encourages safe coding because users know their public repositories are insecure.

Coding crypto projects is hard enough without running the risk of losing your private keys. Shhgit, a webapp and downloadable tool by Paul Price, aims at least to reduce the chance of that happening.

The app, which is open source, scans the code repository GitHub for dangerous files and data. As a beginning coder, you may have left your password data or private keys inside a public repository without realizing. When this happens, hackers and other nasties can easily access your stuff.

“Finding these secrets across GitHub is nothing new”, wrote Price, a programmer and security expert who goes by the handle Darkport. “There are many open-source tools available to help with this depending on which side of the fence you sit. On the adversary side, popular tools such as gitrob and truffleHog focus on digging in to commit history to find secret tokens from specific repositories, users or organizations.”

Not everything shhgit uncovers is dangerous information, but you can also set it to search for signatures that you’re particularly interested in, like, say, ethereum wallet addresses.
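The same signature-matching idea can be pointed at your own files before you push them. The sketch below is an added example, not shhgit's code: the signature set, the `scan` helper and the sample files are assumptions constructed for illustration.

```python
import re

# Illustrative signatures (assumptions for this example, not shhgit's own set).
# kind "content" is matched against each line, kind "path" against the file name.
SIGNATURES = {
    "private key block": ("content", re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    "ethereum address": ("content", re.compile(r"\b0x[0-9a-fA-F]{40}\b")),
    "hardcoded password": ("content", re.compile(
        r"(?i)\bpass(?:word|wd)?\s*[=:]\s*['\"][^'\"]{4,}['\"]")),
    "key or wallet file": ("path", re.compile(
        r"(?i)(?:^|/)(?:id_rsa|id_ed25519|wallet\.dat|[^/]+\.pem)$")),
}

def scan(files):
    """Return sorted (path, line_no, signature) findings for a {path: text}
    mapping. line_no is 0 when the file name itself matched."""
    findings = []
    for path, text in files.items():
        for name, (kind, pattern) in SIGNATURES.items():
            if kind == "path":
                if pattern.search(path):
                    findings.append((path, 0, name))
                continue
            for line_no, line in enumerate(text.splitlines(), start=1):
                if pattern.search(line):
                    findings.append((path, line_no, name))
    return sorted(findings)

# Constructed sample tree: every value below is fake and exists only here.
SAMPLE = {
    "src/config.py": 'DB_HOST = "localhost"\npassword = "hunter2-example"\n',
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n(placeholder)\n",
    "README.md": "Donations: 0x" + "ab" * 20 + "\n",
    "src/app.py": "print('hello')\n",
}

if __name__ == "__main__":
    for path, line_no, name in scan(SAMPLE):
        where = f"{path}:{line_no}" if line_no else path
        print(f"{where}: {name}")
```

Run from a pre-commit hook over the staged files, a non-empty result is the signal to stop and remove the secret before it reaches a public repository.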

As someone who once committed the private keys for a bitcoin wallet to a public GitHub account, let me tell you: I could have used this a few years ago.

The product is free, downloadable here. Price is looking for sponsors to pay for hosting because, as you can imagine, his traffic is quite high as people search for secrets.

New York Among 13 States Excluded as Binance.US Opens for Registrations

The U.S. arm of cryptocurrency exchange Binance is opening for registration and deposits on Wednesday.

The platform will go live supporting just six cryptocurrencies initially – bitcoin (BTC), ether (ETH), XRP, bitcoin cash (BCH), litecoin (LTC) and the tether stablecoin (USDT). The platform expects more to be added in “coming weeks”, providing they pass Binance.US’s Digital Asset Risk Assessment Framework.

Notably, Binance’s recently launched dollar-linked stablecoin BUSD is not supported.

The new launch comes after stateside users of its global platform Binance.com were barred from trading back in June. The company did not provide reasons for the restriction at the time, but it was almost certainly over regulatory concerns.

In a blog post on the launch of registrations on Tuesday, Binance.US CEO Catherine Coley – who left a role as head of XRP Institutional Liquidity at Ripple in July to join the firm – explained that the U.S. rollout is to be “gradual” with 13 states not supported at launch.

These include New York, Florida and Texas. Previously, when U.S. residents were allowed to use Binance.com, the firm listed just six U.S. states as restricted from trading.

Coley said:

“Although it is upsetting that we cannot offer Binance.US in the states where I grew up and earned my education at this time, please rest assured that this is just the beginning, and it is our mission to bring access to those of you in these states many of us call home.”

The post also sets out the fees that will be charged for trading – which will start once sufficient liquidity has been achieved through new deposits.

Describing the fee structure as “straightforward,” Coley said that personal accounts will be charged a flat fee of 0.10 percent per trade, while corporate accounts will see charges vary depending on their trading volume. Until Nov. 1, 2019, though, Binance.US is charging zero fees for all users.

Users who already have deposits with Binance.com will not see their funds automatically transferred to the U.S. platform, Coley said. She cited the fact that Binance.US is a separate entity operated by BAM Trading Services as the reason. BAM Trading is registered with the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) in the U.S.

Answering her own question as to whether Binance.US is protecting users’ deposits with insurance, Coley said: “Binance.US takes security seriously. We prioritize customer protection and have measures dedicated to protecting customers from theft and hacking.”

It’s not clear if the new entity will offer a similar protection scheme as Binance, which notably provides the Secure Asset Fund for Users (SAFU). After a $40.7 million hack back in May, the fund was used to repay all affected users.
