Cornell Tech researchers have published a paper warning that URL shorteners cause potential privacy problems in cloud services.<\/p>\n
Titled Gone in Six Characters: Short URLs Considered Harmful for Cloud Services<\/a><\/strong>, the paper said that for many services it was easy to search through all possible combinations of URL mappings.<\/p>\n Until September 2015, Google used\u00a0five characters in its URL shortener.<\/p>\n The researchers were able to search through all of the short links generated by Google Maps, discovering people’s private addresses and other sensitive information, Boing Boing reported<\/a><\/strong>.<\/p>\n Google has since increased the token size of its Maps URLs to 11 or 12 characters.<\/p>\n Microsoft\u2019s One Drive was similarly easy to search, and in 7% of cases One Drive accounts exposed in this way let anyone write into them.<\/p>\n This could let an attacker copy files\u00a0onto your\u00a0system.<\/p>\n Ars Technica reported<\/a><\/strong> that the researchers also looked through 100 million addresses on bit.ly\u2019s domain space, using 189 machines to access the bit.ly service\u2019s search API.<\/p>\n Of the six-character tokens they searched, 42\u00a0million\u00a0resolved to URLs. Of these, 19,524 lead to OneDrive files and folders, most of them live, the researchers said.<\/p>\n Searching through seven-character tokens resulted in a 29% hit rate, with 47,081 OneDrive and SkyDrive URLs – of which 35,541 were live.<\/p>\n According to the researchers, Microsoft has stopped offering bit.ly URL shortening directly in OneDrive, but the company\u00a0did not\u00a0acknowledge short URLs as a security hole.<\/p>\n Beware of new WhatsApp Vodacom Call Sponsor scam<\/strong><\/a><\/p>\n Apply online for a Gauteng school spot at your own risk<\/strong><\/a><\/p>\n How safe your smartphone lock screen is<\/strong><\/a><\/p>\nMore security news<\/h3>\n