Pain spotting: Russia's Aeroflot Docker server lands internal source code, config files on public internet

Russian airline Aeroflot has exposed to the public internet the internal blueprints for its website, aeroflot.ru, The Register has learned. Specifically, the biz has left a Docker registry server open to all the world to see: if asked nicely, with no authentication, it will cough up compressed archives of the confidential …

Silver badge

Shock

I'm shocked, shocked! Websites are created by incompetents!

2
6
FAIL

Re: Shock

Aren't most websites created in this manner???

2
2

So much for Russian hackers

Who needs Russian hackers when you have Russian IT professionals...

11
3
Silver badge

Re: So much for Russian hackers

Honor among countrymen maybe? No Russian would dare hack them. Now China is another matter.

0
1

No security without obscurity!

4
1

This post has been deleted by its author

Silver badge

No obscurity whatsoever there, I'm guessing they really favour open source! (probably unwittingly...)

1
1

To segue from my previous comment: have there been any successful attacks against Aeroflot during the years the code has been exposed? I mean, other than the nation-state cyber attack against their VPN?

4
0
Silver badge

No, they just went for the insecure code in the British Airways site instead .. much easier to hack.

6
0
Silver badge
Big Brother

How responsible of you...

“We have decided not to link to the server exposing the information, nor go into detail on the data-leaking vulnerability, in the interests of responsible disclosure.”

In other words, “...because we don’t want to come into work one day and find Novichok smeared on our door handles”

18
4
Silver badge
Joke

Re: How responsible of you...

I hear Salisbury Cathedral is nice to visit at this time of year...

15
0
Silver badge
Pint

Re: How responsible of you...

@Korev

as they say, one up vote is not enough...

"I hear Salisbury Cathedral is nice to visit at this time of year..."

4
0
Joke

Re: How responsible of you...

Salisbury Cathedral is terrible to visit at this time of year - very little mud and slush so most people go to Stonehenge instead.

Much better to go in late winter when the cooler temperatures provide a good excuse for not hanging around for very long and getting back on the train to London before anyone asks questions.

2
1
Silver badge
Thumb Up

Re: How responsible of you...

Don't bother with Stonehenge, pop down to Avebury instead. Stonehenge doesn't have a village pub in the middle of the circle.

11
0
Silver badge
Pint

Re: David 132

I see you've been downvoted 4 times...So 1 is Corbyn, 1 from Putin, and 2 from the Russian hitmen right?

Yes, I ordered the pint of polonium sir...

6
2
Anonymous Coward

Re: How responsible of you...

Puhleeze... The foliage is fantastic here around Fort Meade every and each fall. Why are those bros ignoring it? No reports of Novichok here whatsoever…

2
0
Silver badge

Now I'm confused

Do we have to not ban docker because it wasn't not used by the Russian secret service to leak secret of a Russians to foreign agencies ?

2
0
Anonymous Coward

Do they still have gulags?

I think some Aeroflot IT bods may be going on a trip.

2
0
Bronze badge

English

Why are all the filenames in English?

Just seems a bit strange to me that they would outsource... all the way out of Russia.

2
0

This post has been deleted by its author

Anonymous Coward

Re: English

They only use Slavic identifiers when hacking US elections.

1
0
Silver badge
Facepalm

Re: English

If you build your website on the cheap then you're getting a template with a different colour scheme, not a unique specially built website. Add to that poor security and I think we have our reason of how this happened.

0
1
Silver badge

More pictures of Russian air hostesses, please.

2
0
Silver badge
Coat

If you try to hack Aeroflot's website, you'll get a prize.

One-way ticket to the Gulag.

Leaving for a safe house at an undisclosed location post-haste.

0
0
Anonymous Coward

Their website doesn't crash as frequently as their planes

0
1

This post has been deleted by its author

You mean the site has never crashed at least in the last 10 years? Not bad, not bad at all.

0
0
Silver badge
Meh

I am at a loss, here ... does this mean that OpenBSD, FreeBSD, Linux kernel, tar, nc, and many other pieces of software are a risk ? I mean, ok, here, somebody can run a copycat website on, say www.aerofloat.ru and potentially trick ppl into giving away their hard earned cash ... but anything can siphon the website looks ... I fail to grasp ... of course, they might find SQL injection points and with a database flavor it is easier to mount an attack ... but still ... meh

3
0
Headmaster

if it's been done properly then there's no risk in exposing the source code..

if it's been done properly then there's no risk in exposing the source code..

0
0
