Google and Microsoft’s shortened URLs make it easy to spy on people

Shortened URLs are convenient: they’re a whole lot easier to handle than unwieldy strings that email messes up with line breaks when you cut and paste them.

But that same brevity also makes URLs from the likes of bit.ly, Google and Microsoft easier to crack, potentially exposing personal data to anyone who cares to look, security researchers have found.

Cornell Tech’s Martin Georgiev and Vitaly Shmatikov on Thursday published the results of an 18-month study that found the 5- or 6-character tokens added to domains such as 1drv.ms or goo.gl are so short, all possible URLs can be scanned by brute force by “anyone with a little patience and a few machines at her disposal.”

Those short URLs are, in effect, public, the researchers say.

The researchers didn’t scan all possible short URLs, though their analysis showed that a more powerful adversary could pull it off – say, with a botnet.

Read more from this link https://nakedsecurity.sophos.com/2016/04/18/google-and-microsofts-shortened-urls-make-it-easy-to-spy-on-people/?utm_source=Naked+Security+-+Sophos+List&utm_campaign=bf88af611d-naked%252Bsecurity&utm_medium=email&utm_term=0_31623bb782-bf88af611d-455143393