url shorteners URL shorteners may be exposing your private information

[Reefa]

 

URL shorteners  have been around for a while, and can be rather useful. This is especially true when using services like Twitter, which limit the number of characters you can use. But there are hidden dangers to using a shortener that you might not even be aware of.

 

Imagine that you've got a file in your OneDrive account that you want to share with someone. If you go in and create a link to it, Microsoft will use Bit.ly to craft a much shorter link, which looks a lot nicer than the full one. If you use a OneDrive account, then it's very possible that you've done this before, and not thought twice about it. But it turns out that in the right hands, that simple shortened link can tell a person how to access your other files.

 

According to a team of researchers, the URL that's generated has a very predictable structure. This structure can be used to find the full URL, and eventually browse through other files on the user's account. What's more, when they were conducting their tests, they were able to find some writable files that they could access. This means that they could easily delete them, or if they want to be more malicious, they could inject malware into the files.

 

Imagine downloading a file that you'd saved on your OneDrive, and finding out that it ended up causing some serious issues on your computer. You'd never have any idea that someone else was able to modify it while it was sitting in the cloud. That would come as quite a shock when you discovered it.

 

Spoiler

 

Microsoft's OneDrive  isn't the only service that the researchers found issues with, when it came to shortened URLs. Google Maps links were also vulnerable at the time of the study. They were able to scan the five-character token links, and pull data such as the user's name, age, and the route they were planning to take.

 

Google responded quickly to the team's findings, and increased their character tokens to 11-12 characters, and implemented measures to prevent bots from scanning their URLs.

 

As for Microsoft, shortly after being contacted about the vulnerabilities found in their service, they disabled link shortening in OneDrive. The company hasn't stated whether or not the team's findings played any part in that decision, but it would stand to reason that it did.

 

These are just two services that utilize URL shorteners, and while their vulnerabilities have been patched up (or eliminated, in OneDrive's case) that is still a bit worrying. It should serve as a good warning about the potential dangers of URL shorteners. Just remember that if a service uses one, there is the possibility that vulnerabilities such as the ones outlined above could exist.

 

source

[DKT27]

Never liked or trusted these url shortners. Their security risks outdo their benefits I think.

[steven36]

36 minutes ago, DKT27 said:

Never liked or trusted these url shortners. Their security risks outdo their benefits I think.

This how some free services get paid  with out them more things would not be free. Many pay money  for hits,   but i see no need  for them for just posting a link  unless you use it  to support  you're sites income .  Short linking is not anonymizing the link no how if you must use them maybe its best to  anonymize the link with some other service 1st  . But if the short link is vulnerable  dont this mean the long link would be too thats not hidden at all ?  I  don't store and share stuff in the cloud very often any more for like 5 years and if i share something i just upload behind a vpn not signed in. Its sort like ads i never liked them so i block  them,  but with out them  there would be no free internet , because they pay money . I dont like url shortners ether but with out them many free services would not exist  because they pay money so i use adsbpassyer to get around  the ones i can.

[DKT27]

25 minutes ago, steven36 said:

This how some free services get paid  with out them more things would not be free. Many pay money  for hits,   but i see no need  for them for just posting a link  unless you use it  to support  you're sites income .  Short linking is not anonymizing the link no how if you must use them maybe its best to  anonymize the link with some other service 1st  . But if the short link is vulnerable  dont this mean the long link would be too thats not hidden at all ?  I  don't store and share stuff in the cloud very often any more for like 5 years and if i share something i just upload behind a vpn not signed in. Its sort like ads i never liked them so i block  them,  but with out them  there would be no free internet , because they pay money . I dont like url shortners ether but with out them many free services would not exist  because they pay money so i use adsbpassyer to get around  the ones i can.

 

I must mention that redirectors which pay users for linking are banned on nsane.forums though. I do not need to mention which famous one I'm referring to.

[steven36]

1 minute ago, DKT27 said:

 

I must mention that redirectors which pay users for linking are banned on nsane.forums though. I do not need to mention which famous one I'm referring to.

Weill many filehost are too  , But this site is not supported through  filehost or url redirectors its supported through ads  and donations .  But it dont reflect  on what the rest of the internet does  and the fact a lot good free things are hiding  behind  them on the internet in general .  That's what i have bookmarks for if a site dont have what i want  i just go get it somewhere else.