Friday April 15, 2016

Google, Microsoft Address Problems in Their URL Shorteners

Researchers from Cornell Tech university have published a paper outlining serious privacy risks discovered in shortened URLs from cloud services such as Microsoft's OneDrive and Google Maps. According to the article, hackers can use brute force attacks to access files or even driving directions.

According to research carried out over 18 months, the two have found that most URL shortening services employ short random character tokens, which attackers can break with brute-force attacks. This type of attack allows a third-party to scan massive batches of random shortened URLs, revealing the long URLs behind, which in some cases may link to unprotected private files holding sensitive or corporate information.

Comments