Older shortened URLs from Google and Microsoft open to abuse

Apr 16, 2016

Using brute force, it is possible to trace shortened URLs back to private URLs, say researchers at Cornell Tech University in the United States. The researchers did so for, among others, shortened Google Maps, Microsoft OneDrive and Bit.ly addresses.

The way to guess the URLs is simple: six-character shortened URLs are guessed until a working one is found. This would have allowed the researchers to spread malware through tricks, writes Wired. They could do this through, for example, Microsoft OneDrive. With Google Maps they could find out who was behind requested routes to, for example, an abortion clinic or addiction treatment. After the investigation, but before publication, the researchers informed Microsoft and Google. Google has increased the number of characters on Maps to eleven or twelve since September 15, and Microsoft has dropped the service completely. However, its old shortened OneDrive URLs remain accessible.

The researchers got the idea for the study after they found out that certain Google and Microsoft services made use of Bit.ly's URL shortener to generate URLs of only six seemingly random characters. That number is so small that it is relatively easy to generate random URLs, visit them and analyze them. One of the researchers tells Wired that it does not take a very large number of machines to scan the entire address space and see what is behind the URLs.

The problem lay in the fact that Google and Microsoft used the service to generate shortened URLs leading to semi-private documents. In Microsoft's case the researchers generated 71 million URLs, of which 24,000 were live. About seven percent of the OneDrive files or directories visited turned out to be modifiable by the researchers. In this way, malicious files could have been added to directories. Since those would then synchronize to a local PC, it would be a way to spread malware.

For Google Maps, ten percent of the 23 million generated URLs turned out to lead to a location or directions. More than 16,000 of the routes led to a hospital. Other map services had the same problems, but on a much smaller scale.
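The sample counts above can be turned into an estimate of how sparse a token space has to be before guessing stops paying off. The following is an added example, not code from the researchers or from this article; the 62-character alphabet, the request rate and the assumption that the number of live links stays the same when tokens get longer are all assumptions, since the article gives only token lengths and sample counts.

```python
import math

ALPHABET = 62  # assumption: tokens use [0-9A-Za-z]; the article gives only lengths

# (URLs sampled, live hits) from the article; the Maps hit count is ten percent of 23 million
SAMPLES = {"OneDrive": (71_000_000, 24_000), "Google Maps": (23_000_000, 2_300_000)}

def keyspace(length, alphabet=ALPHABET):
    """Number of distinct tokens of a given length."""
    return alphabet ** length

def estimate_live(sampled, hits, length=6):
    """Extrapolate live links in the whole space from a uniform random sample."""
    return round(keyspace(length) * hits / sampled)

def guesses_per_hit(live, length):
    """Expected random guesses before one resolves to a live link."""
    return keyspace(length) / live

def full_scan_days(length, requests_per_second):
    """Days needed to request every token once at an aggregate request rate."""
    return keyspace(length) / requests_per_second / 86_400

def min_length(live, target):
    """Shortest token length at which a live link costs at least `target` guesses."""
    length = 1
    while keyspace(length) < live * target:
        length += 1
    return length

def report(rate=10_000):  # assumption: aggregate requests per second
    lines = []
    for service, (sampled, hits) in SAMPLES.items():
        live = estimate_live(sampled, hits)  # assumed constant across token lengths
        for length in (6, 11, 12):
            lines.append(f"{service:12} len={length:2} bits={math.log2(keyspace(length)):5.1f} "
                         f"guesses/hit={guesses_per_hit(live, length):.3g} "
                         f"scan={full_scan_days(length, rate):.3g} days")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```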
