Search the archives!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] flickr not truly private
- From: john.duhuh at googlemail.com (John Duhuh)
- Subject: [Full-disclosure] flickr not truly private
- Date: Mon, 26 Feb 2007 02:12:15 +0100
flickr say you can mark your photos private. when you look at the web interface maybe. just give the direct address of a picture to one with no access he grabs it no problem. google images tips left as an exercise. for the brute forcers it looks like feasible, maybe difficult. targetting someone is easier with an estimation of the time of upload, as first part of the filename is incremental. for the rest maybe they did the job right, maybe not. apologies if this is lame or already known. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070226/1194cb71/attachment.html
- Follow-Ups:
- [Full-disclosure] flickr not truly private
- From: Line Noise
- [Full-disclosure] flickr not truly private
- From: Michael Holstein
- [Full-disclosure] flickr not truly private
- Prev by Date: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
- Next by Date: [Full-disclosure] Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences
- Previous by thread: [Full-disclosure] M$ Groove
- Next by thread: [Full-disclosure] flickr not truly private
- Index(es):