Short URLs Considered Harmful for Cloud Services (arxiv.org)
21 points by killwhitey on April 14, 2016 | 5 comments

Ouch. Microsoft handles it a little worse than Google. From the "Disclosure" section:

> We notified Microsoft about the security and privacy risks of short OneDrive URLs on May 28, 2015. [...] “Brian” from Microsoft’s Security Response Center (MSRC) informed us on August 1, 2015, that the ability to share documents via short URLs “appears by design,” and thus “does not currently warrant an MSRC case.” [...] Microsoft changed the API so that the account traversal methodology [...] no longer appears to work. As of this writing, all previously generated short OneDrive URLs remain vulnerable to scanning and malware injection.

> We notified Google about the privacy risks of short Google Maps URLs on September 15, 2015. Google promptly responded to our report. As of September 21, 2015, newly created short URLs to Google Maps have 11 or 12-character tokens and are thus not vulnerable to brute-force scanning.

I thought this was going to be about link rot or something but not security...wow, quite fascinating

Off topic: your comment about INTJ tricks and weaknesses helped me. Got the Quenk book, also helpful. Any other references to explore further?

Hi, just saw your reply. I'm glad it helped. Other books I recommend are "The Wisdom of the Enneagram" (very good advice, though based on a different test), "8 Keys to Self Leadership" (fun exercises for INTJs, mainly Ni, Te, Ti, Se, and Fi, but also Fe and Si if you really want to round out your personality--btw Nardi himself is an INTJ), and "The New Diary" by Rainer (a good way to coax out helpful extraverted thinking in an INTJ).

Online references I like include the Socionics wiki and the Personality Junkie website.


Hope that's helpful.

Fantastic! Thanks.
