Date Posted: 8/29/2016

Vitaly Shmatikov's paper with Cornell Tech visitor Martin Georgiev, "Gone in six characters: Short URLS considered harmful for cloud services", received widespread press coverage, including in Wired, Forbes, Vice, Boing Boing, Hacker News, and around the world.  Wired wrote, "The researchers’ work demonstrates the unexpected privacy-invasive potential of “brute-forcing” shortened URLs: By guessing at shortened URLs until they found working ones, the researchers say that they could have pulled off tricks ranging from spreading malware on unwitting victims’ computers via Microsoft’s cloud storage service to finding out who requested Google Maps directions to abortion providers or drug addiction treatment facilities."

The Cornell Chronicle writes, "Since their warning appeared, the researchers reported, Google has lengthened the URLs of its map links and Microsoft has dropped the 'shorter URL' option for OneDrive users (causing users to complain). A lot of other problems have been fixed in various ways, but the thought to keep in mind: 'Any document shared on a cloud service is effectively public.'"

Links to coverage of the discovery can be found here.

Image: Then One / Wired