Post By jimmy7
Radiohead’s website has a less than OK Computer: user data is being leaked
Karma police, arrest this sysadmin. Security researchers have discovered the website belonging to iconic British miserablists, Radiohead, has been leaking every single IP address to have visited it between 2011 and 2013.
https://twitter.com/MayhemDayOne/sta...26657581441024
The flaw was discovered by Cologne-based infosec firm, Kromtech Security. According to Bob Diamchenko, the firm’s Head of Communications, the logs are still available on an unprotected Amazon S3 bucket. There’s more than 14 gigabytes worth in total.
As leaks go, this one’s pretty tepid, and doesn’t contain anything earth-shatteringly dangerous, like usernames and passwords. It contains the user’s IP address, the time it accessed the site, the server response, the GET query, and browser information.
According to Diamchenko, some of the GET queries could prove helpful for those looking for sensitive information. He sent me a redacted GET query containing a link to what appears to be a secure login to a website.
217.33.XXX.XXX - - [09/Dec/2013:10:43:50 +0000] "GET //inc/jquerymobile/jquery.mobile-1.3.2.min.js HTTP/1.1" 200 145396 "https://secure.XXXXX.com/login" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
Diamchenko has cause to be a paranoid android. Many of the most high-profile data leaks we’ve seen over the past few years have been a product of individuals uploading sensitive information to Amazon S3 buckets that are improperly secured.
In October of 2017, MacKeeper searchers discovered open S3 buckets containing the personal information of over 1,000 NFL players and their agents, the details of three million WWE fans, and the blood test records of over 150,000 Americans. Hackers managed to access these with no alarms and no surprises.
The issue is so common, MacKeeper has even released a tool that helps sysadmins identify weak links in their S3 bucket setups. Sadly, nobody told the notoriously tech-savvy band, who released their album In Rainbows on BitTorrent back in 2007.
We reached out to Radiohead’s PR agency for comment. If we hear back from them, we’ll let you know.
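The log line quoted in the post is in the web server "combined" format, and its referer field is what exposed the visitor's previous page. The following is an added example, not part of the original post or any tool it mentions: a sketch of reducing such lines before they are archived, so a copy that ends up in shared storage holds less. The reduction policy (IPv4 /24 and IPv6 /48 masking, referer cut to its host, user agent dropped) and the names `mask_ip`, `strip_url` and `minimise` are assumptions for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" log format, the layout of the line quoted in the post.
COMBINED = re.compile(
    r'(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def mask_ip(ip):
    """Zero the host part: keep /24 for IPv4, /48 for IPv6 (assumed policy)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # hostname or malformed value in the client field
        return "-"
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)

def strip_url(url):
    """Keep scheme and host of a referer; drop path, query and fragment."""
    if url in ("", "-"):
        return "-"
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}/" if parts.hostname else "-"

def minimise(line):
    """Return a reduced copy of one combined-format line, or None if it does not parse."""
    m = COMBINED.match(line)
    if m is None:
        return None
    f = m.groupdict()
    target = f["target"].split("?", 1)[0]   # GET parameters can carry tokens
    # The user agent is replaced by "-" because it helps fingerprint a visitor.
    return (f'{mask_ip(f["ip"])} - - [{f["time"]}] '
            f'"{f["method"]} {target} {f["proto"]}" {f["status"]} {f["size"]} '
            f'"{strip_url(f["referer"])}" "-"')

# Constructed sample line (documentation address and example.com host, not from the leaked logs).
SAMPLE = ('203.0.113.77 - - [09/Dec/2013:10:43:50 +0000] '
          '"GET /inc/app.js?session=abc123 HTTP/1.1" 200 145396 '
          '"https://secure.example.com/login?next=/account" '
          '"Mozilla/5.0 (Windows NT 6.1) Chrome/31.0.1650.63"')

if __name__ == "__main__":
    print(minimise(SAMPLE))
```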