On Wed, 29 Oct 2003 08:30:17 -0600, "David Klotz" <[EMAIL PROTECTED]> wrote:
> I don't agree. First, you shouldn't be using a service like this to send > sensitive information in the first place, and if you are, you get what you > deserve. If I leave my bank account number in my mailbox so I'll know where > to get it, I shouldn't blame the post office if someone comes along and > steals it. I agree with this. The problem is that the average user won't think about the security issues of using this service. > Second, the whole idea behind tinyurl is to take long, difficult to type > URLs and change them into something much easier. In order for them to > generate a string that was long enough so that the chance of someone > randomly guessing another valid string is low, they would have to use a > string so long that it would only be marginally easier to type or send than > the original URL it was designed to replace... I like the implementation at http://www.makeashorterlink.com much better. First, it doesn't blindly forward you to the new link so, if you're sent a link to porn, you have a chance to shut the window before you get obscene pictures plastered across your monitor for your entire office to see. Second, it's harder to "guess" valid URLs, since it assigns them more randomly. However, in the long run, I don't think it's a major security issue. You'd have to browse through thousands of guesses before you stumble across sensitive information. There are far easier ways of getting credit card numbers. Still, they should have a warning on their site. After all, curling irons have warnings not to insert them into any orifice. :) -- Troy _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
