Short URL Addresses May Be Creating Easy Paths To Spy On Your Data

We’ve all seen those huge URL’s, be it for a website or a document you have saved in the cloud, they just seem to go on and on with no sign of ever stopping. Then you spot the tiny URL they offer you instead, short and sweet with only a few letters and numbers to copy and paste before you can open your document anywhere you want. Why not use it? well for starters that small URL may be creating just as easy a path to spy on your data!

Research conducted by Martin Georgiev and Vitaly Shmatikov suggest that looking at the abbreviated “short URL’s” used by companies such as Google, Microsoft, and even bit.ly, a company dedicated to creating and sharing short URL addresses, revealed that using a simple trial and error method they were able to gain access to your cloud storage files.

In particular, Georgiev and Shmatikov were able to find and access files shared through Google Drive and Microsoft’s OneDrive with short URLs. If this wasn’t scary enough, someone could place malicious code in the files that had write permissions enabled, allowing them to infect and spread their effect all through one of your files stored in the cloud. Estimating that around 7 percent of the accounts on OneDrive and Google Drive they scanned were vulnerable to this flaw, it’s scary, to say the least.

More worrying may be companies differing responses to be being alerted about this result, with Google doubling the character length of their short URLs, while Microsoft stated that the vulnerability “does not currently warrant an MRSC case”, while quietly removing the short link function on OneDrive so not to expose others to the problem while they no doubt investigate.

Seagate Sends Employees’ Payroll Information After Phishing Scam

Seagate is known for many things, but most of all they are known for their hard drives. I would recommend you look elsewhere if you are looking for something a little more secure I would say avoid them for now as it’s been revealed that employees’ payroll information was sent out after a phishing scam.

Phishing is the act of pretending to be someone else, asking for details (normally bank details or contact information) in order to gain access to information you normally couldn’t. From Nigerian Princes to Sergeant in the Army, they use anyone to obtain information. This time, the email claimed to be from Seagate’s CEO Stephen Luczo requesting data about current and former Seagate employees.

Believing the email to be genuine, the employee responded with the W-2 (Wage and Tax statement) documents. With the scope currently set at “several thousand” employees, the company has been working with federal law enforcement agencies since the incident on the 1st March. To help support their employees, two years of credit protection has been provided on the off chance that their data is used.

With most details of this nature being used in returning fraudulent tax returns with the IRS (something which is made all that much easier by being hacked recently), it could cost the government thousands if they don’t catch the culprits involved.

Raspberry Pi 3 Includes Wi-fi and Bluetooth

Computers are weird things, they get smaller each year and yet still their power and what each of them can do increases every time we blink. A prime example of this is the recent surge of mini-computers, with some hardware being as small as your phone while also letting you add and customise to your heart contents. From touchscreens to the next generation of robot wars, the small component has inspired a generation but without wireless technology, it seemed to lack something. That could change with an FCC document showing that the next generation of Raspberry Pi may solve that problem

First let’s be clear, you can connect the older Raspberry Pi’s to the wireless network but you needed to buy a wireless dongle, which means another thing you can forget and a USB port that you’ve got to take up in order to use it. The documents show that not only will the next Raspberry Pi include everything you need for wi-fi connections but it will also include Bluetooth.

The documents don’t really show that much difference, with everything else pointing to the same specification as the Raspberry Pi 2, but that doesn’t mean it won’t change.

Do you use a Raspberry Pi, or maybe something similar and if so what do you use it for?

Dropbox Confirms it Has Been Working on a Google Docs Alternative

It is said that a mysterious product dubbed Project Composer has been seen on Product Hunt, an online community website where a lot of new products are shared and discovered. The product has been available for a short time, but long enough for some users to test it before having their access cut off.

Users who were lucky enough to test it say that Composer is a note-taking tool that allows for multiple users to edit and share files simultaneously. This means that Dropbox users would create and edit documents on-the-fly and without the need to use an external document editing tool.

While it was fairly clear that Dropbox accidentally leaked its project online, the company chose to deny and comment on it… at least at first. Dropbox’s head of product, business and mobile, Ilya Fushman, has confirmed that Composer is indeed one of the company’s new products that is about to hit the market.

“We’re always testing new products. We always have a bunch of stuff we’re working on — and this is one of them,” Fushman told Business Insider.”We’re excited it’s got us on Product Hunt. I think you’ll see us come out with some other stuff in that space,” he added.

However, Fushman did not provide an exact release date for Composer, stating that Dropbox usually tests its new products with thousands of customers before officially releasing it, a strategy that helps the company make sure it has the right market fit.

“We want people to use them and get feedback,” Fushman said. “We might find out that people dont’ like it.” Fushman said.

It was clear that Dropbox was going to make a document editing and collaboration tool sooner or later. Two years ago, the company acquired Hackpad. a startup that was focusing on similar software such as Composer, and last year’s acquisition included CloudOn, a mobile document editing software.

Thank you Business Insider for providing us with this information

Now You Can Download People’s Wills

Want to know what Winston Churchill gave to his family when he died? How about Princess Diana? Or maybe you’re more interested in that long lost relative who gave your parents millions of pounds that mysteriously no-longer exists? Well whichever one applies to you, if you’re British you’re now in luck as all UK wills are available online.

Wills in the UK are public documents that anyone can access and read, and for years you’ve been able to physically request copies of wills, but now you can do so in the comfort of your own home. For £10. As long as you have a person’s name and year of death, you can order a copy to be ready for download in 10 days.

Small tidbits of information can be offered for free, especially for influential individuals. For instance, we know that Winston Churchill left his family £304,044 –  a lot of money in 1965.

You can go to the Probate Search website to start searching.

Source: BBC News