Slashdot Mirror

← Back to Stories (view on slashdot.org)

Photo Printing Website Artisan State Allows Access To All User-Uploaded Photos

Posted by Soulskill on from the locking-the-door-without-closing-it dept.

fulldecent writes: Popular photo printing website Artisan State, which specializes in bound photo books mostly for weddings or other events, unintentionally makes all its uploaded user photos available publicly for download. This case study shows how their photos are able to be downloaded and discusses the things vendors should think about when considering security of seemingly private user content. The case study also discusses how this flaw was reported to the vendor, but unfortunately never fixed. This follows other articles on Slashdot discussing security disclosure. How do you report vulnerabilities to vendors? Do you support publishing them if they are not fixed in a reasonable time?

1 of 94 comments (clear)

  1. Re:Careful by viperidaenz · · Score: 0, Troll

    That's cool. I'm not under the jurisdiction of USA. Neither is 95% of the worlds population.
    I'm pretty sure the Chinese Government doesn't care if it's citizens hack in to American companies websites. Not that this really counts as hacking.