

Safe & Simple Amazon Glacier for everyone - only 4 weeks after the Icebox fiasco - blackdanube
http://bit-chest.com/?icebox=true

======
FireBeyond
Why the ?icebox=true parameter? I can't see any reference to it anywhere else,
so it makes me wonder if this is targeting - that, and what exactly is the
"Icebox fiasco" (I know of the client, but never heard of a fiasco).

~~~
blackdanube
To be honest, that's a tracking parameter, so I know where the clicks come
from. You'd be surprised where HN percolates to! Maybe I should do a write-up
on that.

The Icebox fiasco is the fact that for a pretty long time, Ice Box Pro allowed
watching every user's complete credentials (including Amazon keys) via a
simple change in the URL parameter.

You can read the details of the vulnerability here:
[http://blog.ryankearney.com/2012/10/never-give-your-
informat...](http://blog.ryankearney.com/2012/10/never-give-your-information-
to-10-minute-old-startups/)

However, much more telling is the story in the comments of the original
IceBoxPro thread here: <https://news.ycombinator.com/item?id=4619411>

