Gone In Six Characters: Short URLs Considered Harmful for Cloud Services

Wed, 4 May 2016 13:24:41 +1000

Andrew Pam <xanni [at] glasswings.com.au>

<https://freedom-to-tinker.com/blog/vitaly/gone-in-six-characters-short-urls-considered-harmful-for-cloud-services/>

"TL;DR: short URLs produced by bit.ly, goo.gl, and similar services are so
short that they can be scanned by brute force.  Our scan discovered a large
number of Microsoft OneDrive accounts with private documents."

Top tips:

1. Security is hard
2. Anything publicly accessible on the Internet is not hidden
3. Microsoft doesn't take security very seriously

Cheers,
        *** Xanni ***
