Vine’s Source Code Was Accidentally Made Public For Five Minutes

An anonymous reader writes from The Register: Vine, the six-second-video-loop app acquired by Twitter in 2012, had its source code made publicly available by a bounty-hunter for everyone to see. The Register reports: “According to this post by @avicoder (Vjex at GitHub), Vine’s source code was for a while available on what was supposed to be a private Docker registry. While docker.vineapp.com, hosted at Amazon, wasn’t meant to be available, @avicoder found he was able to download images with a simple pull request. After that it’s all too easy: the docker pull https://docker.vineapp.com:443/library/vinewww request loaded the code, and he could then open the Docker image and run it. ‘I was able to see the entire source code of Vine, its API keys and third party keys and secrets. Even running the image without any parameter, [it] was letting me host a replica of Vine locally.’ The code included ‘API keys, third party keys and secrets,’ he writes. Twitter’s bounty program paid out — $10,080 — and the problem was fixed in March (within five minutes of him demonstrating the issue).”


Share on Google+

Read more of this story at Slashdot.

Clip to Evernote

Leave a Reply

Your email address will not be published. Required fields are marked *