Monday, January 03, 2011

This is Just Asking for a Security Breach

Saw this posted on a techie forum:

Cupcaking: A fun, sexy, secure way to heat up your relationship

It purports to be a safe way to share naughty media with a paramour. I took a look at their HTTP headers to see what they are running for their server software:


$ curl -v -o /dev/null http://www.cupcaking.us/
* About to connect() to www.cupcaking.us port 80 (#0)
* Trying 204.236.129.38... connected
* Connected to www.cupcaking.us (204.236.129.38) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.16.4 (i386-apple-darwin9.0) libcurl/7.16.4 OpenSSL/0.9.7l zlib/1.2.3
> Host: www.cupcaking.us
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 03 Jan 2011 22:28:30 GMT
< Server: Apache/2.2.9 (Fedora)
< Set-Cookie: ubvs=76.240.199.148.1294093710639827; path=/; expires=Sat, 02-Jul-11 22:28:30 GMT
< X-Powered-By: PHP/5.2.6
< Set-Cookie: ubpv=p%2Cc1423c26-1246-11e0-96a1-12313e003591; expires=Wed, 06-Jul-2011 22:28:30 GMT; path=/
< Content-Length: 16936
< X-Unbounce-Variant: p
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
{ [data not shown]
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 16936  100 16936    0     0  33730      0 --:--:-- --:--:-- --:--:-- 60566
* Closing connection #0


An old version of PHP (released in May of 2008) doesn't speak well for their security savvy. If I were you, I wouldn't try it out just yet. :-)
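When auditing your own sites, the same check can be scripted: pull the banner headers out of a `curl -v` trace and list what software and versions they give away. This is an added example, not part of the original post; the function names and the set of headers treated as banners are assumptions chosen for illustration.

```python
import re

# Excerpt of the curl -v trace shown above, embedded so the example runs offline.
# "> " marks request lines sent by curl, "< " marks lines received from the server.
CURL_TRACE = """\
> GET / HTTP/1.1
> Host: www.cupcaking.us
< HTTP/1.1 200 OK
< Date: Mon, 03 Jan 2011 22:28:30 GMT
< Server: Apache/2.2.9 (Fedora)
< X-Powered-By: PHP/5.2.6
< X-Unbounce-Variant: p
< Content-Type: text/html; charset=UTF-8
<
{ [data not shown]
"""

# Headers that commonly carry software banners (illustrative list, not exhaustive).
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}
PRODUCT = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.]*)")  # e.g. "Apache/2.2.9"
COMMENT = re.compile(r"\(([^)]*)\)")                    # e.g. "(Fedora)"

def response_headers(trace):
    """Return (name, value) pairs from the '< ' lines of a curl -v trace."""
    headers = []
    for line in trace.splitlines():
        # Skip request lines, the status line, the blank terminator and body markers.
        if not line.startswith("< ") or line.startswith("< HTTP/") or ":" not in line:
            continue
        name, _, value = line[2:].partition(":")
        headers.append((name.strip(), value.strip()))
    return headers

def disclosed_software(trace):
    """List what each banner header reveals as (header, product, version)."""
    findings = []
    for name, value in response_headers(trace):
        if name.lower() not in BANNER_HEADERS:
            continue
        for product, version in PRODUCT.findall(value):
            findings.append((name, product, version))
        for comment in COMMENT.findall(value):
            findings.append((name, comment, None))  # platform hint without a version
    return findings

if __name__ == "__main__":
    for header, product, version in disclosed_software(CURL_TRACE):
        print(f"{header}: {product} {version or '(no version given)'}")
```

On a stack like this one, Apache's `ServerTokens Prod` and PHP's `expose_php = Off` trim these banners. Hiding the banner does not update the software behind it, so patching still comes first.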

The Doctor's Diagnosis...

... a serious case of acute bronchitis. Prescription includes industrial strength cough suppressant (guaifenesin-codeine) and a 10-day antibiotic regimen (Augmentin). Of course, that gives me a chance to pull up my favorite song that refers to codeine.