logoalt Hacker News

gregsadetskyyesterday at 10:49 PM3 repliesview on HN

I wrote to [email protected] and they just replied:

"You’re the second person to flag this issue to us

Please note that our records show no contact with Fiverr security regarding this matter ~40 days ago unlike the poster claims. We are currently working to resolve the situation"

Replies

morpheuskafkayesterday at 11:04 PM

I have uploaded the email here: https://gist.github.com/aidanbh/3da7cecb3e2496e5c5110b88f21b...

(technically, I guess that doesn't prove anything other than it is in my Sent folder? it has a message ID but I guess only the purelymail admin could confirm that)

In any event, this should never have required an outside reminder. The indexing issue may be something non obvious. But the core decision not to use signed/expiring URLs is nothing less than good old security by obscurity.

show 2 replies
trollbridgetoday at 12:07 AM

Gee, that response doesn't sound defensive at all.

Loughlayesterday at 11:00 PM

So who has more incentive to lie, fiverr or OP?

show 1 reply