Your IT Consultant

Cloud Security Compromised by URL Shorteners

April 20, 2016

I have never been a fan of shortened URLs since you really have no clue where you will end up on the Internet. Apparently, this "discovery" is big news to several security researchers. According to a recent post on ars technica, Vitaly Shmatikov of Cornell Tech and visiting researcher Martin Georgiev conducted an 18-month study in which they focused on OneDrive and Google Maps. They discovered that shortened URLs are very predictable. This means that you can manually modify a shortened URLs and bypass security of a lot of cloud providers. According to Shmatikov, "Short URLs produced by bit.ly, goo.gl, and similar services are so short that they can be scanned by brute force." Is that a security risk or what?

I still stand by my original advice to avoid using and clicking on shortened URLs. I know most people will not listen to this advice, but then you'll have to suffer the consequences of having someone gaining unauthorized access to your data or visiting a site that is laden with malware.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com