Wednesday, March 27, 2013

The font, the flyer, and the exposed filesystem - Adobe goofs

I'm on Adobe's mailing list, and the company recently sent me an email touting an online game called "The Font, The Flyer, and the Freak-Out."

Your boss's future depends on the success of one document. Can you save the day?

The "See How" button included a link to a long URL at I clicked the button, and ended up at a long URL at

Because of the chance that said link included identifying information that linked to that particular email, I figured that I'd see if I could play the game without providing that identifying information. So I decided to lop off the ending part of the URL, and go directly go

This is what I saw.

Yep, going directly to that link - at least when I tried it - exposed a computer's filesystem. I didn't really try exploring it a lot, other than to click on the "js" directory.

It's bad enough that a product's URL exposes the plumbing behind the web pages.

It's even worse when said product has already had to deal with security issues.

While the security of a website does not directly affect the security of a compiled program, it doesn't exactly give you the warm fuzzy.
blog comments powered by Disqus