zlacker

[return to "So this guy is now S3. All of S3"]
1. Cianti+u2[view] [source] 2023-05-04 19:04:23
>>aendru+(OP)
Solution is also on the works like use /.well-known/, so this is more like funny, rather than a big problem.

Key to trick was to have bucket named "xrpc" and store a file there: https://s3.amazonaws.com/xrpc/com.atproto.identity.resolveHa...

There is also another funny thing in the image, the user posting about is sending one from "retr0-id.translate.goog", which is odd. Somehow he has got https://retr0-id.translate.goog/xrpc/com.atproto.identity.re... to redirect to his page, and gotten that handle as well.

◧◩
2. btown+hk[view] [source] 2023-05-04 20:28:21
>>Cianti+u2
Wait - nobody had ever created a bucket named xrpc before, ever? I would have imagined that short s3 buckets were squatted similar to domain names. (Or maybe they were, and it's this person who did so!)
[go to top]