Lyrics & Knowledge Personal Pages Record Shop Auction Links Radio & Media Kids Membership Help
The Mudcat Cafemuddy

Post to this Thread - Sort Descending - Printer Friendly - Home

Tech: Photobucket Warning

JohnInKansas 13 Aug 12 - 01:37 PM
Nigel Parsons 13 Aug 12 - 02:10 PM
Brian May 13 Aug 12 - 02:37 PM
foggers 13 Aug 12 - 04:02 PM
JohnInKansas 13 Aug 12 - 04:08 PM
Share Thread
Lyrics & Knowledge Search [Advanced]
DT  Forum
Sort (Forum) by:relevance date
DT Lyrics:

Subject: Tech: Photobucket Warning
From: JohnInKansas
Date: 13 Aug 12 - 01:37 PM

I couldn't find a thread dealing specifically with using Photobucket, but there have been numerous threads in which people have linked to photos posted there. It appears we have, or have had, several people with photos there.

Several recent "news blips" have made reference to a "weakness" in Photobucket security of which those who have pictures there should be aware.

Photobucket uses a security system that is a little different than most other similar sites.

You can set a folder as "Private" so that persons you don't want to have access can't just go to the folder and look at what's in it.

Unfortunately, the "Private" setting applies only to the folder, and not to the individual pictures in the folder. If a person has the specific URL for an individual picture, they can access it without being given access to the folder.

If someone knows approximately where your pictures are, a common "cracking" method using a simple program called a "futzer" can easily access the pictures in your "Private" folder, albeit "one at a time."

The most common usage of "futzing" cited in most of the recent articles is to get a look at "nekkid pictures" posted mostly by juveniles or others who may think they've protected their "personal stuff." The method would be simple to apply to anything else someone wanted to see in your Private Photobucket folders, or even if they were just being "nosy," so even if you don't have anything particularly "interesting" (a.k.a. sexy) you might have something (especially old stuff you forgot you put there) that you might not want "someone" to see (and post on YouTube or elsewhere).

ONE RECENT Warning comes from NBC News

Katie Notopoulos , BuzzFeed FWD
Photobucket's security hole may leave your nude photos exposed
NBC News

Remember Photobucket? Yes? You still have an account on there? You don't happen to have any… *squints eyes, looks around* old nudes in there, do you?

A hole in Photobucket's privacy has made it so that private albums can be accessed with little work, using a "fusker" program. While recent reports about how easy it's been to hack and delete someone's online existence through recently rectified holes security holes[sic] in Apple's phone verification are frightening, this opening on Photobucket has remained open for at least five years. A request for comment from Photobucket has not been answered.
[end quote]

Quite a bit more about the method at the link, for anyone who might have reason to be concerned. For those here, I'd think more in terms of "works in progress" that you might not want someone to snatch and publish, but people will have their own ideas about what should be kept private.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Photobucket Warning
From: Nigel Parsons
Date: 13 Aug 12 - 02:10 PM

There's a hole in Photobucket Dear Liza!

Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Photobucket Warning
From: Brian May
Date: 13 Aug 12 - 02:37 PM

Then Fixit dear Henry . . .

Oh dear

Thanks for the heads up on Photobucket.

Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Photobucket Warning
From: foggers
Date: 13 Aug 12 - 04:02 PM

Lawks, if any poor deluded hacker dug their way to nudie pics of me they could probably sue me for the costs of the indepth therapy they would need in order to expunge the images from their tiny wee minds!

Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Photobucket Warning
From: JohnInKansas
Date: 13 Aug 12 - 04:08 PM

This doesn't seem to be anything that has been exploited for "identity theft" of any usual kind, and the half-dozen warnings I've seen in the past week or two are mostly directed at "young people" who might be into posting "sexy stuff" for their friends.

The purpose(?) for making the photos inside a Private folder accessible was/is so that you can send the individual photo URL to someone you do want to have look at it, without giving that person access to the rest of the photos in the folder. The "hole in the bucket" is the way the site creators intended it to work.

It does require the use of "illicit" and probably illegal software for someone to "fusk" into a person's pages to extract the individual pictures from a Private folder; but the program(s) can be obtained easily and the "fusking" is apparently quite easy to do.

The warnings are mostly just a reminder that nothing is really private once you click "Send" and Photobucket is just one of many sites with more of an "appearance of privacy" than any reality of same.

This is one of my concerns about the recent fad in "cloud storage" but apparently I'm about the only one concened. (The other two haven't commented much.) Claims about security are poorly and vaguely substantiated, and some "RB" might put her stuff beside my junk and make the whole site a target worth penetrating. I figure it's safer on my own hardware, since the locals at least can tell from the old sofa in the front yard and the flowers in the old "whiteware" that there's nothin' to steal more'n about half a six pack.


Post - Top - Home - Printer Friendly - Translate
  Share Thread:

Reply to Thread
Subject:  Help
Preview   Automatic Linebreaks   Make a link ("blue clicky")

Mudcat time: 15 November 12:03 PM EST

[ Home ]

All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.