1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IDG Contributor Network: Personal data is exposed by older, shortened URLs

Discussion in 'Network World' started by RSS, Apr 18, 2016.

  1. RSS

    RSS New Member Member

    Services that convert long, cumbersome URLs, such as those found in mapping directions, to short URLs are publicly exposing the original URL.

    Original addresses can be obtained through brute-force scanning, researchers say. And that vulnerability allows foes to track an individual’s possibly sensitive movements, as well as see perceived-of-as-private documents.

    Additionally, the brute force-exposed cloud documents could allow “adversaries” to “inject arbitrary malicious content into unlocked accounts, which is then automatically copied into all of the account owner’s devices,” say Vitaly Shmatikov, of Cornell Tech, and Martin Georgiev, an independent researcher, in their paper (PDF). They made the discovery.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page