
IMO the author is conflating two separate "issues".

> TL;DR: short URLs produced by bit.ly, goo.gl, and similar services are so short that they can be scanned by brute force.

This is not the issue for OneDrive. Everyone knew this already, right?

For Google Maps, it's definitely more nuanced. I'm glad Google acted swiftly.

> Our scan discovered a large number of Microsoft OneDrive accounts with private documents. Many of these accounts are unlocked and allow anyone to inject malware that will be automatically downloaded to users’ devices.

This is the issue for OneDrive. I'm not a OneDrive user, but if the documents are publicly editable per a setting the user controls, this isn't a "vulnerability" either.




> if the documents are publicly editable per a setting the user controls, this isn't a "vulnerability" either.

These services advertise it as "editable by anybody with the link", not "editable by anybody".

There is an implication that people can't get the link without you giving it to them.



