Short URL Addresses May Be Creating Easy Paths To Spy On Your Data

We’ve all seen those huge URL’s, be it for a website or a document you have saved in the cloud, they just seem to go on and on with no sign of ever stopping. Then you spot the tiny URL they offer you instead, short and sweet with only a few letters and numbers to copy and paste before you can open your document anywhere you want. Why not use it? well for starters that small URL may be creating just as easy a path to spy on your data!

Research conducted by Martin Georgiev and Vitaly Shmatikov suggest that looking at the abbreviated “short URL’s” used by companies such as Google, Microsoft, and even bit.ly, a company dedicated to creating and sharing short URL addresses, revealed that using a simple trial and error method they were able to gain access to your cloud storage files.

In particular, Georgiev and Shmatikov were able to find and access files shared through Google Drive and Microsoft’s OneDrive with short URLs. If this wasn’t scary enough, someone could place malicious code in the files that had write permissions enabled, allowing them to infect and spread their effect all through one of your files stored in the cloud. Estimating that around 7 percent of the accounts on OneDrive and Google Drive they scanned were vulnerable to this flaw, it’s scary, to say the least.

More worrying may be companies differing responses to be being alerted about this result, with Google doubling the character length of their short URLs, while Microsoft stated that the vulnerability “does not currently warrant an MRSC case”, while quietly removing the short link function on OneDrive so not to expose others to the problem while they no doubt investigate.

How to Exploit Netflix’s Meticulous Cataloguing for a Better Browsing Experience

As good as Netflix’s own algorithm for suggesting new things to watch is, sometimes you just want to explore, which is not an easy task using the video-on-demand service’s default interface. However, there is a sneaky way to exploit Netflix’s meticulous genre (and sub-genre) cataloguing system for a more precise browsing experience. Using this trick, you can search everything from “Children and Family Movies for ages 5 to 7” to “Action & Adventure starring Gene Hackman”.

Every genre, sub-genre, and category is designated a specific ID number that can be found if added to the Netflix URL. The Atlantic’s Alexis C. Madrigal ran a script that scraped all the ID numbers from the Netflix database, finding 76,897 micro-genres, all of which are available to browse in a Google Doc. Others ran with that, and combined the codes into genre URLs, such as this handy list.

“Netflix has meticulously analyzed and tagged every movie and TV show imaginable,” Madrigal wrote. “They possess a stockpile of data about Hollywood entertainment that is absolutely unprecedented. The genres that I scraped and that we caricature above are just the surface manifestation of this deeper database.”

Some of the listed categories don’t lead to anything, which is understandable considering Netflix rotates its video content – not to mention geographical variation – but most links are useful.

Shorter .UK Web Address To Replace Some Sites Next Year

New .uk web addresses are looking to be introduced next summer as an alternative to .co.uk and .org.uk domains. Nominet, the non-profit organisation in charge of the naming system, said bringing in the shorter suffix was the biggest change for years.

The domain name can be used in addition to or instead of an existing address. Websites who already have a .co.uk or .org.uk site will be refused for up to five years. Brand new .uk web addresses, where there is no existing equivalent, will be given out on a first-come, first-served basis.

Where one person owns the .org.uk domain name and another owns the .co.uk, priority will go to the owner of the .co.uk site. Nominet had initially scrapped the plans amid concerns that .uk domains would be confusing for some users, but is now going ahead with the scheme. The new domains will cost £3.50 per year for one-year registrations and £2.50 per year for multi-year registrations.

Many countries already have a similar system, including France, which uses the .fr extension, and Germany, where websites are given the .de suffix. It was also announced last week that London is to get its own web suffix. The number of generic top-level domains, such as.com and .org, is set to expand massively from 22 to more than 1,400.

The Internet Corporation for Assigned Names and Numbers agreed the move last month, saying it wanted to “promote global innovation, competition and consumer choice”.

Thank you Sky for providing us with this information

Server-Free Internet Could Become A Reality In The Future

Researchers at Cambridge University have developed a proof-of-concept for a new server-free Internet architecture. The prototype was developed as part of the €5.2 million project PURSUIT that comprises representatives from European research institutes, universities and telecommunication companies. The revolutionary new Internet architecture is designed to meet the ever-growing traffic requirements of web services and security concerns of Internet users.

As of today, online data is stored on servers residing at different locations around the globe. Data requests made by client devices like PCs, tablets or smartphones are fulfilled by the geographically closest server, making the information exchange quick but server dependent. This centralized approach opens the door to problems like server attacks and traffic overloading. Also, users have less control over how and when their data is accessed.

PURSUIT users wouldn’t have to face these security and privacy problems as the architecture does away with the need of individual computers connecting to dedicated servers. Instead, it uses a peer-to-peer information sharing technique which enables individual computers to copy and republish data on receipt.

This, if deployed, would replace the existing client-server based TCP/IP networking model and could radically change the way information is stored, searched and shared online. Users would be able to fetch the requested data (or smaller data fragments) from a wide range of computers around the world and online search engines would look for URIs (Uniform Resource Identifiers) rather than URLs (Uniform Resource Locators).

The project builds upon other successful projects like TRILOGY and PSIRP, and won the Future Internet Award 2013 at FIA (Future Internet Assembly) in Dublin, earlier this year.

Thank you TechSpot for providing us with this information.
Video courtesy of TechSpot