Postimees leaks IP addresses of comment authors

postimees_commenter_IP_address

Postimees is holding IP addresses of comment authors in the parrot.php JSON file. The field “tsa” seems to hold integer which is IP and the other part is MD5 hash. This IP can be used to find out from which company’s network the comment originates from.

$ ping 3240627210
PING 3240627210 (193.40.12.10) 56(84) bytes of data.
64 bytes from 193.40.12.10: icmp_seq=1 ttl=60 time=9.68 ms

Few years ago the Postimees had the same mistake which they fixed, but now the same mistake is introduced again.

Links:
https://tingmarprog.wordpress.com/2016/02/25/postimehe-kommentaariumis-ip-jalle-avalikult-nahtav/

Leave a Reply

Your email address will not be published.