Read on Twitter

Michał and his terrible jokes @ WWDC @justMaku

, 11 tweets, 3 min read Read on Twitter

@amazon

@amazon

Thread: Since @amazon have fixed this let me tell you a story how they’ve been leaking unreleased books for god knows how long. A proper blog post will be coming later this week, but here’s a small “preview”.

As you might be aware of, Amazon has a nice feature where they allow you to preview a small portion of the book you’re about the buy before the purchase. It looks something like this:

If you look closely you will also notice the search bar on the right side. Under that search bar you will see the list of results. The result I’m getting is from page 73 that according to the nice warning message in the middle shouldn’t be accesible. With a small excerpt. Nice.

With a crude Ruby script I was able to automate this API call and in under an hour I had almost 3mb of these excerpts from the book. I’ve started with a fairly small list of unique keywords and then whatever result I got, I divided in half and searched for that phrase.

That gave me both some extra words before and after the searched phrase. This gave me a list of search results of overlapping phrases as such:

The actual stitching the individual lines together was the hardest part (which in the end turned out to be trivial) . Using an LCS algorithm I was able to combine them into a readable text:

Here’s a comparision with the real page from Amazon: close, isn’t it?

Few things to note: there was no rate limiting on this API endpoint so at one point I had over 400 threads making few requests per second. Sometimes a request would fail, but I could just reply it and it would work just fine.

Amazon treated this very seriously, under a week from the initial contact to the final fix. First hotfixes started appearing under 12 hours. Overall their security team is A+ but…

Amazon has no bug bounty program. So even if this saved their ass, I didn’t even get a lousy t-shirt. Upon learning that I considering releasing this without prior report to Amazon. Unfortunately this vulnerability would mostly hurt the authors and not the actual culprit.

Also, this thread is full of typos and grammar errors, it’s morning, don’t @ me.

Like this thread? Get email updates or save it to PDF!

Subscribe to Michał and his terrible jokes @ WWDC

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Like this thread? Get email updates or save it to PDF!

Subscribe to Michał and his terrible jokes @ WWDC

This content may be removed anytime!

Try unrolling a thread yourself!

Related threads

Trending hashtags

Did Thread Reader help you today?