Posts by

Mike Hanley

@mph4

I'm the Chief Security Officer at GitHub. Prior to GitHub, I was the Vice President of Security at Duo Security, where I built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco, I led the transformation of Cisco’s cloud security framework and later served as CISO for the company. When I'm not talking about security at GitHub, I can be found enjoying Ann Arbor, MI with my wife and seven kids.

GitHub security update: revoking weakly-generated SSH keys

GitHub security update: revoking weakly-generated SSH keys

On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client - GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys.