
Short URLs Considered Harmful for Cloud Services - killwhitey
http://arxiv.org/abs/1604.02734
======
itcrowd
Ouch. Microsoft handles it a little worse than Google. From the "Disclosure"
section:

> We notified Microsoft about the security and privacy risks of short OneDrive
> URLs on May 28, 2015. [...] “Brian” from Microsoft’s Security Response
> Center (MSRC) informed us on August 1, 2015, that the ability to share
> documents via short URLs “appears by design,” and thus “does not currently
> warrant an MSRC case.” [...] Microsoft changed the API so that the account
> traversal methodology [...] no longer appears to work. As of this writing,
> all previously generated short OneDrive URLs remain vulnerable to scanning
> and malware injection.

> We notified Google about the privacy risks of short Google Maps URLs on
> September 15, 2015. Google promptly responded to our report. As of September
> 21, 2015, newly created short URLs to Google Maps have 11 or 12-character
> tokens and are thus not vulnerable to brute-force scanning.

------
themodelplumber
I thought this was going to be about link rot or something but not
security...wow, quite fascinating

~~~
naveen99
Off topic: your comment about INTJ tricks and weaknesses helped me. Got the
Quenk book, also helpful. Any other references to explore further?

~~~
themodelplumber
Hi, just saw your reply. I'm glad it helped. Other books I recommend are "The
Wisdom of the Enneagram," (very good advice, though based on a different test)
"8 Keys to Self Leadership" (fun exercises for INTJs, mainly Ni, Te, Ti, Se,
and Fi, but also Fe and Si if you really want to round out your personality--
btw Nardi himself is an INTJ) and "The New Diary" by Rainer (a good way to
coax out helpful extraverted thinking in an INTJ).

Online references I like include the Socionics wiki and the Personality Junkie
website.

[http://personalityjunkie.com/the-intj/](http://personalityjunkie.com/the-intj/)

Hope that's helpful.

~~~
naveen99
Fantastic! Thanks.

