from the locking-the-door-without-closing-it dept.
fulldecent writes: Popular photo printing website Artisan State, which specializes in bound photo books mostly for weddings or other events, unintentionally makes all its uploaded user photos available publicly for download. This case study shows how their photos are able to be downloaded and discusses the things vendors should think about when considering security of seemingly private user content. The case study also discusses how this flaw was reported to the vendor, but unfortunately never fixed. This follows otherarticlesonSlashdot discussing security disclosure. How do you report vulnerabilities to vendors? Do you support publishing them if they are not fixed in a reasonable time?
"Regardless of the legal speed limit, your Buick must be operated at
speeds faster than 85 MPH (140kph)."
-- 1987 Buick Grand National owners manual.