back to article Pain spotting: Russia's Aeroflot Docker server lands internal source code, config files on public internet

Russian airline Aeroflot has exposed to the public internet the internal blueprints for its website, aeroflot.ru, The Register has learned. Specifically, the biz has left a Docker registry server open to all the world to see: if asked nicely, with no authentication, it will cough up compressed archives of the confidential …

  1. arctic_haze Silver badge

    Shock

    I'm shocked, shocked! Websites are created by incompetents!

    1. Fatman Silver badge
      FAIL

      Re: Shock

      Aren't most websites are created in this manner???

  2. lordminty

    So much for Russian hackers

    Who needs Russian hackers when you have Russian IT professionals...

    1. Mark 85 Silver badge

      Re: So much for Russian hackers

      Honor among countrymen maybe? No Russian would dare hack them. Now China is another matter.

  3. dvvdvv

    No security without obscurity!

    1. This post has been deleted by its author

    2. MiguelC Silver badge

      No obscurity whatsoever there, I'm guessing they really favour open source! (probably unwittingly...)

  4. dvvdvv

    To segue from my previous comment: have there been any successful attacks against Aeroflot during the years the code has been exposed? I mean, other than the nation-state cyber attack against their VPN?

    1. macjules Silver badge

      No, they just went for the insecure code in the British Airways site instead .. much easier to hack.

  5. David 132 Silver badge
    Big Brother

    How responsible of you...

    ”We have decided not to link to the server exposing the information, nor go into detail on the data-leaking vulnerability, in the interests of responsible disclosure.”

    In other words, “...because we don’t want to come into work one day and find Novichok smeared on our door handles”

    1. Korev Silver badge
      Joke

      Re: How responsible of you...

      I hear Salisbury Cathedral is nice to visit at this time of year...

      1. chivo243 Silver badge
        Pint

        Re: How responsible of you...

        @Korev

        as they say, one up vote is not enough...

        "I hear Salisbury Cathedral is nice to visit at this time of year..."

      2. theblackhand
        Joke

        Re: How responsible of you...

        Salisbury Cathedral is terrible to visit at this time of year - very little mud and slush so most people go to Stonehenge instead.

        Much better to go in late winter when the cooler temperatures provide a good excuse for not hanging around for very long and getting back on the train to London before anyone asks questions.

        1. phuzz Silver badge
          Thumb Up

          Re: How responsible of you...

          Don't bother with Stonehenge, pop down to Avebury instead. Stonehenge doesn't have a village pub in the middle of the circle.

    2. Tigra 07 Silver badge
      Pint

      Re: David 132

      I see you've been downvoted 4 times...So 1 is Corbyn, 1 from Putin, and 2 from the Russian hitmen right?

      Yes, I ordered the pint of polonium sir...

    3. Anonymous Coward
      Anonymous Coward

      Re: How responsible of you...

      Puhleeze... The foliage is fantastic here around Fort Meade every and each fall. Why are those bros ignoring it? No reports of Novichok here whatsoever…

  6. Yet Another Anonymous coward Silver badge

    Now I'm confused

    Do we have to not ban docker because it wasn't not used by the Russian secret service to leak secret of a Russians to foreign agencies ?

  7. Anonymous Coward
    Anonymous Coward

    Do they still have gulags?

    I think some Aeroflot IT bods may be going on a trip.

  8. LeahroyNake Bronze badge

    English

    Why are all the filenames in English?

    Just seems a bit strange to me that they would outsource... all the away out of Russia.

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: English

      They only use Slavic identifiers when hacking US elections.

    3. Tigra 07 Silver badge
      Facepalm

      Re: English

      If you build your website on the cheap then you're getting a template with a different colour scheme, not a unique specially built website. Add to that poor security and i think we have our reason of how this happened.

  9. Mr Dogshit Silver badge

    More pictures of Russian air hostesses, please.

  10. Anonymous South African Coward Silver badge
    Coat

    If you try to hack Aeroflot's website, you'll get a prize.

    One-way ticket to the Gulag.

    Leaving for a safe house at an undisclosed location post-haste.

  11. Anonymous Coward
    Anonymous Coward

    Their website doesn't crash as frequently as their planes

    1. This post has been deleted by its author

    2. dvvdvv

      You mean the site has never crashed at least in the last 10 years? Not bad, not bad at all.

  12. Hans 1 Silver badge
    Meh

    I am at a loss, here ... does this mean that OpenBSD, FreeBSD, Linux kernel, tar, nc, and many other pieces of software are a risk ? I mean, ok, here, somebody can run a copycat website on, say www.aerofloat.ru and potentially trick ppl into given away their hard earned cash ... but anything can siphon the website looks ... I fail to grasp ... of course, they might find sqlinjection points and with a database flavor it is easier to mount an attack ... but still ... meh

  13. Mookster
    Headmaster

    if it's been done properly then there's no risk in exposing the source code..

    if it's been done properly then there's no risk in exposing the source code..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019