Network security, Vulnerability management

Researcher scores $10K+ bounty for digging up Vine’s source code

Bradley BarthJuly 26, 2016

A researcher earned $10,080 from Twitter's bug bounty program after discovering he could access a supposedly private online registry that led him to the complete source code for Twitter's Vine video-sharing service.

The researcher, known online as Avicoder and identified in some reports as Indian computer security researcher Avinash Singh, reported in a blog post that the vulnerability resided in an insecure setup for Docker, an open-platform software container technology that helps companies build, deploy and run applications.

Earlier this year, Avicoder sniffed out a private Vine app Docker registry that was inadvertently accessible to the public. According to his blog, Avicoder queried the registry and accessed over 80 images, one of which contained “the entire source code of vine, its API keys and third party keys and secrets,” allowing him to “host a replica of Vine locally.”

Avicoder reported the bug to Twitter in March, and the bug was fixed in five minutes.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Vulnerability management

Security vs. Operations – Balancing the Risk – Ross Leo – CSP #114

March 21, 2023

The role of CISO is one filled with challenges and decisions. Frequently, a CISO is faced with having to decide in compromise with Operations, in favor of Operations. This can be a very difficult and risky choice to make - but the ideal of having both get 100% of what they want, or need is not realistic. How to do this? In this session, we discu...