This is the result of an interesting debate about whether security and privacy are separate, and how privacy and probability are related.
The core of the issue is that images marked “private” are actually public URLs, which can be easily enumerated. While SmugMug offers stronger mechanisms for access control, I do believe this one creates a false sense of security.
SmugMug is a great site and it seems the people who make it are really innovative and smart. However, in the end, the question is how much it would cost to break it, assuming there is one evil person who wants to abuse it.
The surprising answer is 2535$.
I’ll demonstrate by assuming there is one evil person in the world who hates SmugMug for being so cool and successful.
This person decides to spend his hard-earned money to create a publicity nightmare.
Let’s assume there are 1 million real pictures among the 250 million possible URLs (the actual number does not really matter).
He spends 500$ (100*0.01$/HR*5000HR) to get 100 servers from Amazon EC2 and uses them for 2.08 days. Each server can send 50,000 HTTP requests per hour.
After 2 days the evil person knows the exact links to the one million “private” pictures (50*50,000*100 = 250,000,000).
He needs to pay 10$ for bandwidth for the pictures (1M * 0.1MB * 0.0001$/MB).
The non existing links would cost 25$ ( 250,000,000 *0.0001$/MB *0.001
Total cost is 535$ to get all the pictures.
BTW, since SmugMug is using Amazon’s S3, the bandwidth cost would probably be 0$, since bandwidth between S3 and EC2 is free.
In order to find the interesting ones he uses Amazon Mechanical Turk. He pays 0.01$ for classifying 5 images (a HIT), so the total cost would be 2000$ (1M * 0.01$ / 5).
Now the evil hacker can post the top 1000 photos on Flickr and get his evil wish fulfilled (2535$ cost).
So, I suggest SmugMug keep doing the great work they are doing, but also invest the time and effort to fix this issue.
The fact that no one has complained so far is merely because the attack hasn’t taken place so far. Security through obscurity does not work in the long run.
It is a shame that one evil person can cause so much work and harm to so many good people, but that’s life.
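The estimate above can be turned around into a sizing question for the fix: how large must a random URL token be before guessing stops being affordable? The sketch below is an added example, not code from SmugMug or from the original post; the per-request price is derived from the post's 500$ for 250,000,000 requests, and the function names and the 1M$-per-hit budget are assumptions chosen for illustration.

```python
import math
import secrets

# Assumption derived from the post's totals: $500 of compute buys 250,000,000 probes.
COST_PER_REQUEST = 500 / 250_000_000  # dollars per HTTP request


def sweep_cost(keyspace, cost_per_request=COST_PER_REQUEST):
    """Dollars needed to request every possible URL in the keyspace once."""
    return keyspace * cost_per_request


def cost_per_hit(keyspace, valid, cost_per_request=COST_PER_REQUEST):
    """Expected dollars spent per valid URL found by guessing uniformly."""
    if not 0 < valid <= keyspace:
        raise ValueError("valid must be between 1 and keyspace")
    return keyspace / valid * cost_per_request


def min_token_bits(valid, budget_per_hit, cost_per_request=COST_PER_REQUEST):
    """Smallest random-token size (bits) that makes each hit cost >= budget_per_hit."""
    needed_keyspace = valid * budget_per_hit / cost_per_request
    return max(1, math.ceil(math.log2(needed_keyspace)))


def new_photo_token(bits=128):
    """URL-safe identifier drawn from the OS CSPRNG with at least `bits` of entropy."""
    return secrets.token_urlsafe(math.ceil(bits / 8))


if __name__ == "__main__":
    photos = 1_000_000  # the post's assumed number of real pictures
    spaces = [("250M ids (post)", 250_000_000),
              ("64-bit token", 2**64),
              ("128-bit token", 2**128)]
    for label, space in spaces:
        print(f"{label:16} sweep ${sweep_cost(space):.3g}  "
              f"per hit ${cost_per_hit(space, photos):.3g}")
    print("bits for $1M per hit:", min_token_bits(photos, 1_000_000))
    print("sample URL token:", new_photo_token())
```

An unguessable token still travels in shared links and referrer headers, so it complements the stronger access control mentioned at the top of the post rather than replacing it.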