
Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites


Radiohead’s website has a less than OK Computer: user data is being leaked



Karma police, arrest this sysadmin. Security researchers have discovered the website belonging to iconic British miserablists, Radiohead, has been leaking every single IP address to have visited it between 2011 and 2013.

https://twitter.com/MayhemDayOne/sta...26657581441024

The flaw was discovered by Cologne-based infosec firm, Kromtech Security. According to Bob Diamchenko, the firm’s Head of Communications, the logs are still available on an unprotected Amazon S3 bucket. There’s more than 14 gigabytes worth in total.

As leaks go, this one’s pretty tepid, and doesn’t contain anything earth-shatteringly dangerous, like usernames and passwords. It contains the user’s IP address, the time it accessed the site, the server response, the GET query, and browser information.

According to Diamchenko, some of the GET queries could prove helpful for those looking for sensitive information. He sent me a redacted GET query containing a link to what appears to be a secure login to a website.


217.33.XXX.XXX - - [09/Dec/2013:10:43:50 +0000] "GET //inc/jquerymobile/jquery.mobile-1.3.2.min.js HTTP/1.1" 200 145396 "https://secure.XXXXX.com/login" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"

Diamchenko has cause to be a paranoid android. Many of the most high-profile data leaks we’ve seen over the past few years have been a product of individuals uploading sensitive information to Amazon S3 buckets that are improperly secured.

In October of 2017, MacKeeper researchers discovered open S3 buckets containing the personal information of over 1,000 NFL players and their agents, the details of three million WWE fans, and the blood test records of over 150,000 Americans. Hackers managed to access these with no alarms and no surprises.

The issue is so common, MacKeeper has even released a tool that helps sysadmins identify weak links in their S3 bucket setups. Sadly, nobody told the notoriously tech-savvy band, who released their album In Rainbows on BitTorrent back in 2007.

We reached out to Radiohead’s PR agency for comment. If we hear back from them, we’ll let you know.
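
The redacted line quoted above is in the Apache/nginx combined log format, where the client IP, the request query string and the Referer are the fields that expose visitors. The following is an added example, not part of the original article: it scrubs those fields before a log is archived to storage such as an S3 bucket. The function names, the /24 and /48 masks and the sample line are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Combined log format: ip ident user [time] "request" status size "referer" "agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def mask_ip(ip):
    """Truncate to the /24 (IPv4) or /48 (IPv6) network; '-' if unparsable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "-"
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)

def strip_referer(referer):
    """Keep only scheme://host; the path and query can reveal login or account URLs."""
    parts = urlsplit(referer)
    if not parts.scheme or not parts.hostname:
        return "-"
    return f"{parts.scheme}://{parts.hostname}"

def strip_query(request):
    """Drop the query string from 'METHOD target HTTP/x.y'."""
    fields = request.split(" ")
    if len(fields) == 3:
        fields[1] = fields[1].split("?", 1)[0]
    return " ".join(fields)

def scrub(line):
    """Return a scrubbed log line, or None so unparsable lines are never archived raw."""
    m = COMBINED.match(line)
    if m is None:
        return None
    f = m.groupdict()
    return '{} - - [{}] "{}" {} {} "{}" "{}"'.format(
        mask_ip(f["ip"]), f["time"], strip_query(f["request"]),
        f["status"], f["size"], strip_referer(f["referer"]), f["agent"])

# Constructed sample line (documentation IP range, example.com host).
SAMPLE = ('203.0.113.77 - - [09/Dec/2013:10:43:50 +0000] '
          '"GET /inc/app.js?session=abc123 HTTP/1.1" 200 145396 '
          '"https://secure.example.com/login?next=/account" '
          '"Mozilla/5.0 (Windows NT 6.1)"')

if __name__ == "__main__":
    print(scrub(SAMPLE))
```

Scrubbing reduces what a misconfigured bucket can expose; it does not replace blocking public access on the bucket itself.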