Hacker News

epaga, last Wednesday at 7:27 AM

I tried posting a warning to /r/fiverr but the admins removed the post. And the files are STILL public...how in the world is "sitting it out" their course of action?

Edit: I'm beginning to wonder if they might be locked out of their own site at this point. How hard could it be to just shut down the asset server until they get it sorted?


Replies

morpheuskafka, last Wednesday at 8:44 AM

The ironic thing is, since they clearly don't have much code review, they could have actually patched the site in this time! Turn on signatures and throw in a couple backend lines to generate one wherever the URLs appear. Even if you have to go back and redo it tomorrow for robust security or performance, it would be an improvement over this.

I'm not taking sides either way, but if you are of the "all in on AI" perspective, as they are, shouldn't this be the ideal use case? It absolutely could have handled adding URL signing.

elevatortrim, last Wednesday at 12:04 PM

If the assets are public and not associated with my account, how could they ever restore access if they made them inaccessible?