Think file-hosting sites guard your private data? Think again
Found on The Register on Saturday, 07 May 2011
"These services adopt a security-through-obscurity mechanism where a user can access the uploaded files only by knowing the correct download URIs," the researchers wrote in a paper presented at the most recent USENIX Workshop on Large-Scale Exploits and Emergent Threats.
They also used the sites to store private files that contained internet beacons, so they'd know if anyone opened them. Over a month's span, 80 unique IP addresses accessed the so-called honey files 275 times.
That should have been pretty obvious. You simply cycle through the IDs the sharing sites use and harvest the information you get on non-404 results. This is pretty easy to script and delivers numerous results in a short time; leave it running for a night or two and then look through the list of filenames it produced.
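Seen from the hosting side, the sweep described above leaves a distinctive trace in access logs: one client requesting many near-consecutive IDs with a high share of 404s. The following is an added example (not from the article or the researchers' paper) that flags that pattern; the log format, the `/file/<id>` path and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access log (not real traffic). Assumed line format:
# "<client-ip> GET /file/<numeric id> <status>".
def build_sample_log():
    lines = [f"203.0.113.7 GET /file/{i} {200 if i % 4 == 0 else 404}"
             for i in range(1000, 1030)]            # one client walking the ID space
    lines += ["198.51.100.2 GET /file/48213 200",   # ordinary users: few, scattered IDs
              "198.51.100.2 GET /file/77120 200",
              "192.0.2.44 GET /file/1012 200",
              "192.0.2.44 GET /file/90311 404"]
    return lines

LINE_RE = re.compile(r"^(\S+) GET /file/(\d+) (\d{3})$")

def find_id_sweepers(lines, min_ids=20, min_miss_ratio=0.5, min_sequential=0.8):
    """Return {ip: stats} for clients whose requests look like an ID sweep."""
    ids = defaultdict(list)     # ip -> every file ID requested
    misses = defaultdict(int)   # ip -> number of 404 responses
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # ignore lines outside the download path
        ip, file_id, status = m.group(1), int(m.group(2)), m.group(3)
        ids[ip].append(file_id)
        if status == "404":
            misses[ip] += 1
    flagged = {}
    for ip, seen in ids.items():
        distinct = sorted(set(seen))
        if len(distinct) < max(min_ids, 2):
            continue            # too few IDs to call it enumeration
        miss_ratio = misses[ip] / len(seen)
        # Share of neighbouring IDs that are at most 2 apart: a counter walk
        # scores close to 1.0, links followed from e-mail or chat close to 0.
        steps = [b - a for a, b in zip(distinct, distinct[1:])]
        sequential = sum(1 for s in steps if s <= 2) / len(steps)
        if miss_ratio >= min_miss_ratio and sequential >= min_sequential:
            flagged[ip] = {"distinct_ids": len(distinct),
                           "miss_ratio": round(miss_ratio, 2),
                           "sequential": round(sequential, 2)}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_id_sweepers(build_sample_log()).items():
        print(ip, stats)
```

Detection of this kind only limits the harvest; the underlying fix is to stop issuing guessable IDs and to require authorization for private files rather than relying on the URI staying secret.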