Breaches and leaks

  • Comcast Xfinity: a flaw was found that let one extract customers' home addresses, because of a weird login system that partially shows a home address based on the IP you connect from, and that IP could be spoofed. Worth a read to learn how -not- to make authentication easier. A secondary flaw was found where one could brute-force a social security number used in a login form.
  • GoDaddy: information on 31,000 GoDaddy servers was exposed in an unsecured S3 bucket, including juicy stuff like configuration details and price negotiations between them and AWS.
Dieter Van der Stock