Slashdot Mirror

← Back to Stories (view on slashdot.org)

Photo Printing Website Artisan State Allows Access To All User-Uploaded Photos

Posted by Soulskill on from the locking-the-door-without-closing-it dept.

fulldecent writes: Popular photo printing website Artisan State, which specializes in bound photo books mostly for weddings or other events, unintentionally makes all its uploaded user photos available publicly for download. This case study shows how their photos are able to be downloaded and discusses the things vendors should think about when considering security of seemingly private user content. The case study also discusses how this flaw was reported to the vendor, but unfortunately never fixed. This follows other articles on Slashdot discussing security disclosure. How do you report vulnerabilities to vendors? Do you support publishing them if they are not fixed in a reasonable time?

1 of 94 comments (clear)

  1. Handled very well ... by CaptainDork · · Score: 4, Insightful

    ... plenty of lead time and followup.

    These issues need to be publicized when the hosting site doesn't give a fuck. Customers have a right to know.

    --
    It little behooves the best of us to comment on the rest of us.