Using logs to analyze a software product

Rapid Software Testing by http://satisfice.com was a interesting training I attended to. One of the introduced methods is spot check, or I would call it log analysis. Logs should be used to analyze or check a product. Log files can harbor interesting data :smile:

This recent example is quite funny or more shocking in sense of security. Above picture shows the passphrase for a private gpg key of Belkin, that is used to sign their firmware. Not only the private key shouldn’t be accessible for the public, also by searching for passphrase, the password is revealed in the logs. Everybody else now can misuse this key, e.g. sign malicious firmware. This is rather an extreme example, but also shows what magic gems can be found in log files. Original post can be found at https://twitter.com/mjg59/status/647251446669283328.