[Full-disclosure] flickr not truly private
- From: "John Duhuh" <john.duhuh@xxxxxxxxxxxxxx>
- Date: Mon, 26 Feb 2007 02:12:15 +0100
flickr say you can mark your photos private. when you look at the web
interface maybe. just give the direct address of a picture to one with no
access he grabs it no problem.
google images tips left as an exercise.
for the brute forcers it looks like feasible, maybe difficult.
targetting someone is easier with an estimation of the time of upload, as
first part of the filename is incremental.
for the rest maybe they did the job right, maybe not.
apologies if this is lame or already known.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] flickr not truly private
- From: Michael Holstein
- Re: [Full-disclosure] flickr not truly private
- From: Line Noise
- Re: [Full-disclosure] flickr not truly private
- Prev by Date: Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
- Next by Date: [Full-disclosure] Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences
- Previous by thread: [Full-disclosure] Know your Enemy: Web Application Threats
- Next by thread: Re: [Full-disclosure] flickr not truly private
- Index(es):
Relevant Pages
|
Loading
