Twitter Tweet Button URL randomly resolves to a .torrent file

70 points | gregclermont | 12 years ago | gist.github.com

43 comments

blahpro|12 years ago

My guess: many CDNs allow you to exclude the querystring from the cache key, so it's possible that one person requested the URL with ?torrent in the querystring (which causes S3 to serve a .torrent response) and that the request hit a cold cache. The response with type application/x-bittorrent was then cached under the querystring-less cache key, causing it to be served to anyone else hitting that edge node with the path /widgets/tweet_button.html.

Again: this is just my guess.

gazarsgo|12 years ago

I thought Twitter was all private DC, did platform previously point to S3?

StavrosK|12 years ago

This is my exact guess as well. I would be surprised if it turned out to be something else.

psz|12 years ago

platform.twitter.com is hosted at Amazon S3 (via an additional CDN).

All S3 files by default can be distributed with torrent, if the URL is appended with ?torrent

S3 servers will act as a tracker and seeds.
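An added illustration, not part of the thread: a toy model of the behaviour blahpro guesses at and psz describes, where the edge leaves the query string out of its cache key while the origin still varies its response on `?torrent`. The `origin` function, the `EdgeCache` class and its two flags are hypothetical stand-ins, not S3's or any CDN's real API, and the response bodies are constructed.

```python
from urllib.parse import urlsplit


def origin(path, query):
    # Constructed stand-in for the origin: like S3 as described above,
    # it answers "?torrent" with a torrent instead of the object itself.
    if query == "torrent":
        return {"type": "application/x-bittorrent", "body": b"(constructed torrent)"}
    return {"type": "text/html", "body": b"<html>tweet button</html>"}


class EdgeCache:
    """Toy edge node; both flags are hypothetical configuration knobs."""

    def __init__(self, key_includes_query, forward_query):
        self.key_includes_query = key_includes_query
        self.forward_query = forward_query
        self.store = {}

    def get(self, url):
        parts = urlsplit(url)
        key = (parts.path, parts.query) if self.key_includes_query else parts.path
        if key not in self.store:  # cold cache: fetch from origin and keep it
            query = parts.query if self.forward_query else ""
            self.store[key] = origin(parts.path, query)
        return self.store[key]


def served_type(cache, requests):
    """Replay requests in order and return the Content-Type of the last one."""
    resp = None
    for url in requests:
        resp = cache.get(url)
    return resp["type"]


PATH = "/widgets/tweet_button.html"
REQUESTS = [PATH + "?torrent", PATH]  # the first request lands on a cold cache

# Query ignored in the key but still forwarded: the mismatch guessed at above.
mismatched = served_type(EdgeCache(False, True), REQUESTS)
# Correction A: the cache key covers everything the origin can see.
keyed = served_type(EdgeCache(True, True), REQUESTS)
# Correction B: the origin never sees the part of the URL the key ignores.
stripped = served_type(EdgeCache(False, False), REQUESTS)
```

Either correction keeps the plain URL serving `text/html`; the general check is that anything the origin varies on is either part of the cache key or removed before the request is forwarded.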

vdaniuk|12 years ago

That is a cool feature, actually.

sdfjkl|12 years ago

Now you just need browser support for downloading HTTP bodies via BitTorrent. Not actually a bad idea for sufficiently large ones :)

toretore|12 years ago

So that's what that was. Happened to me yesterday.

dud3z|12 years ago

You can reproduce it by pretending that the IP is "68.232.35.139" by modifying your own /etc/hosts file, not funny indeed.

laveur|12 years ago

I had this happen when I loaded an article from TechCrunch just a couple of minutes ago. USA here.

bagosm|12 years ago

Reproduced a couple minutes ago in Greece. Oh the bug? I didn't check it out yet.

harvestmoon|12 years ago

I also have this bug on BusinessInsider and other sites. Does not look good. Surprised there isn't more coverage of this.

gregparadee|12 years ago

Just happened to me on Businessinsider.

samspenc|12 years ago

Happened to me on a tech news website earlier today (forget which one exactly).

MichaelAza|12 years ago

This seems like a major security issue, since some browsers (Chrome, at the very least, and probably others) can be set to automatically open a torrent client when links to .torrent files are clicked.

Is it possible someone hijacked this IP?

Edit:

1. Seems the IP belongs to a CDN (edgecast).

simias|12 years ago

In what scenario is opening a torrent client a major security issue?

Uchikoma|12 years ago

Happens to me today on Spiegel.de - one of the largest German sites (news site)

th0br0|12 years ago

Cannot reproduce from Germany (manually added the hosts entry).

luastoned|12 years ago

It works without the host file hack (from Germany).

Edit: I just browsed TC and I am getting the torrent download there too..

dud3z|12 years ago

That's odd, it's the only way for me to reproduce it..

Uchikoma|12 years ago

Happens to me on Spiegel.de

ahamdy|12 years ago

Reproduced in Egypt, this thing is all over the place.

program|12 years ago

Reproduced from Italy just a couple of minutes ago.

saze|12 years ago

Reproduced from France a couple times yesterday.