Gone In Six Characters: Short URLs Considered Harmful for Cloud Services
Vitaly Shmatikov | April 14, 2016
URL shorteners such as bit.ly and goo.gl perform a straightforward task: they turn long URLs into short ones, consisting of a domain name followed by a 5-, 6-, or 7-character token. This simple convenience feature turns out to have an unintended consequence. The tokens are so short that the entire set of URLs can be scanned by brute force. The actual, long URLs are thus effectively public and can be discovered by anyone with a little patience and a few machines at her disposal.
"Fine-grained data associated with individual residential addresses can be used to infer interesting information about the residents. We conjecture that one of the most frequently occurring residential addresses in our sample is the residence of a geocaching enthusiast. He or she shared directions to hundreds of locations around Austin, Texas, as shown in the picture, many of them specified as GPS coordinates. We have been able to find some of these coordinates in a geocaching database." Source: https://freedom-to-tinker.com/blog/vitaly/gone-in-six-characters-short-urls-considered-harmful-for-cloud-services/
<more at https://freedom-to-tinker.com/blog/vitaly/gone-in-six-characters-short-urls-considered-harmful-for-cloud-services; related articles and links: http://www.computerworld.com/article/2525532/cybercrime-hacking/hacker-cracks-tinyurl-rival--redirects-millions-of-twitter-users.html (Hacker cracks TinyURL rival, redirects millions of Twitter users. 'Single point of failure' in Cligs short URL service shunts 2.2 million addresses to blogger. June 16, 2009) and https://www.stopthehacker.com/2010/02/19/analyzing-url-shorteners/ (StopTheHacker: The Curse of the URL Shorteners: How Safe Are They? February 19, 2010)>
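The token-length problem described in the excerpt above can be turned into a sizing check for anyone issuing share links. The following is an added example, not code from the article or from any URL shortener; the 62-symbol alphabet, the request rate and the issued-link counts are assumptions chosen for illustration.

```python
import secrets
import string

# Assumption: tokens use a case-sensitive alphanumeric alphabet (62 symbols).
ALPHABET = string.ascii_letters + string.digits
SECONDS_PER_DAY = 86400


def keyspace(length, alphabet_size=len(ALPHABET)):
    """Number of distinct tokens of the given length."""
    return alphabet_size ** length


def days_to_enumerate(length, requests_per_second):
    """Days needed to request every possible token once at a fixed rate."""
    return keyspace(length) / requests_per_second / SECONDS_PER_DAY


def min_token_length(issued_links, min_guesses_per_hit):
    """Shortest length at which a random guess finds a live link no more
    often than once per min_guesses_per_hit attempts."""
    length = 1
    while keyspace(length) < issued_links * min_guesses_per_hit:
        length += 1
    return length


def new_token(length):
    """Draw a token from the OS CSPRNG, never from a counter or random()."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    rate = 1000  # assumed aggregate requests per second across a few machines
    for n in (5, 6, 7):
        print(f"{n} chars: {keyspace(n):>16,} tokens, "
              f"{days_to_enumerate(n, rate):10.1f} days at {rate} req/s")
    # Assumed service size of one billion links, 2**64 guesses per hit.
    needed = min_token_length(10**9, 2**64)
    print("length needed:", needed, "example token:", new_token(needed))
```
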