Jonas Lodewegen

File downloads disabled because of security risk

Written by Jonas Lodewegen on
security

Yesterday afternoon, Copernica disabled file downloads after one of our users discovered a security risk. The reporting user was able to download random files by manually altering URLs. To prevent abuse, all file downloads were disabled completely on the spot. Please note that this is limited to the files that did not require logging in as a registered Copernica user.

What consequences does this have?

Whenever mailings containing links to files other than images (such as PDF files or attachments made available through the web version of a message) are sent, the linked files are currently not accessible. This means that attachments can no longer be downloaded via the web version of a message and that links to other files are effectively dead. Users who follow any such links will be shown a blank page. This is the case for all mailings, historic and current.

Copernica's R&D team are currently working on a fix that will allow us to re-enable file downloads in a secure manner.

The affected files were not listed anywhere and were not linked to in any way, nor were they indexed by any search engine. The files could only be found haphazardly. After careful and thorough investigation, Copernica has found no indications that files were actually downloaded.