Overview:
-
After sending huge urls to friends on one to many occasions (at least they
*tell* me they are my friends), they finally got together and convinced me
to use Tinyurl. While it seemed at first glance to be a powerful tool, and
a great free service, something struck me odd about it
l/boob
>
>
> Mark Bassett
> Network Administrator
> World media company
> Omaha.com
> 402-898-2079
>
>
> -Original Message-
> From: Joel R. Helgeson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 29, 2003 5:19 AM
> To: [EMAIL PROTECTED]
> Subjec
There is something actually interesting about tinyurl's sequence
predictability:
You can gain an idea of what is in the collective consciousness at any
given date.
The letters assigned have nothing to do with the url being posted but
are rather assigned in continuing sequence, currently we are
Couldn't you still just just another redirect site to have them go back and
forth?
- Original Message -
From: "Christopher Kruslicky" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 30, 2003 5:38 PM
Subject: Re: [Full-Disclosure] TinyURL
Nice to see that tinyurl protects against an infinite loop:
http://tinyurl.com/t2nb
(I surprised myself getting it right the first try =)
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Wed, Oct 29, 2003 at 11:34:37AM -0700, Joel R. Helgeson wrote:
> Someone wanna perl script it and find a goldmine it all out?
>
I'm leeching a complete list, I'll make it available asap :)
nearly 7k URLs so far...
--
+--* .-.
|
on. the last time of our connection."
but hey, that's what google says. So what does this actually mean?
-Rune
(oh, btw, first post here. Did I screw up?)
>Date: Wed, 29 Oct 2003 09:11:13 -0800
>From: John Sage <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: [
Joel R. Helgeson:
>Who cares about credit card numbers, I'm looking for privileged access to
>sites. Consider the following:
>
>People use this service as an attempt to obfuscate the usernames and
>passwords to protected websites and ftp servers that they email out. I'm
>finding a lot of urls tha
roy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 1:57 PM
Subject: Re: [Full-Disclosure] TinyURL
> On Wed, 29 Oct 2003 08:30:17 -0600, "David Klotz" <[EMAIL PROTECTED]> wrote:
>
> > I don't agree. First, you shouldn
On Wed, 29 Oct 2003 14:44:12 -0700, "Joel R. Helgeson" <[EMAIL PROTECTED]> wrote:
> Who cares about credit card numbers, I'm looking for privileged access to
> sites. Consider the following:
>
> People use this service as an attempt to obfuscate the usernames and
> passwords to protected website
On Wed, 29 Oct 2003 08:30:17 -0600, "David Klotz" <[EMAIL PROTECTED]> wrote:
> I don't agree. First, you shouldn't be using a service like this to send
> sensitive information in the first place, and if you are, you get what you
> deserve. If I leave my bank account number in my mailbox so I'll
triQ Corporation
"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll
be warm for the rest of his life."
- Original Message -
From: "Joel R. Helgeson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 200
I would say if your passing sensitive information you shouldn't use this
service anyway. Even if they randomized it, there's nothing stopping
someone from just randomly entering URL's. I'd stumble upon your
sensitive information eventually. It's fine for passing news stories and
Ebay links, but I w
The mind boggles...
On Wed, Oct 29, 2003 at 09:11:37AM -0600, Bassett, Mark wrote:
> Anyone want an Asus Motherboard from newegg? :)
>
> http://www.tinyurl/boob
Continuing to apply random, four-character strings, I offer this:
For those of you based in the US and who dislike the current,
Republ
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] TinyURL
I would say if your passing sensitive information you shouldn't use this
service anyway. Even if they randomized it, there's nothing stopping
someone from just randomly entering URL's. I'd stumble upon your
sensiti
That reminds me of a joke:
What do you call a prostitute with a runny nose?
...
Full!
> Another from Tinyurl...
>
> From News.COM.AU:
> "War stress wears out prostitutes"
> http://tinyurl.com/49b
>
> And we thought we had it hard...
___
Full-Disc
Can someone forward the original email about this to me? I'm away from my
system till tomorrow.
BTW,
http://tinyurl.com/beer
I need a hug
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
OK: wait a minute, wait a minute..
On Wed, Oct 29, 2003 at 09:11:37AM -0600, Bassett, Mark wrote:
> Anyone want an Asus Motherboard from newegg? :)
>
> http://www.tinyurl/boob
Following hot (hmm.. interesting choice of words..) on the heels of my
previous research (http://www.tinyurl.com/c*nt) i
hah!
On Wed, Oct 29, 2003 at 09:11:37AM -0600, Bassett, Mark wrote:
> Anyone want an Asus Motherboard from newegg? :)
>
> http://www.tinyurl/boob
What thought process caused you to choose that specific string?
- John
--
"Most people don't type their own logfiles; but, what do I care?"
-
Joh
> Mark Bassett
> Network Administrator
> World media company
> Omaha.com
> 402-898-2079
>
>
> -Original Message-
> From: Joel R. Helgeson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 29, 2003 5:19 AM
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosu
AIL PROTECTED]
Subject: RE: [Full-Disclosure] TinyURL
Anyone want an Asus Motherboard from newegg? :)
http://www.tinyurl/boob
Mark Bassett
Network Administrator
World media company
Omaha.com
402-898-2079
-Original Message-
From: Joel R. Helgeson [mailto:[EMAIL PROTECTED]
Sent: Wednesda
]
Subject: [Full-Disclosure] TinyURL
This is an information leak rather than a real vulnerability. I thought
it
might be of interest to others...
www.tinyurl.com is a website that will convert a long url to a short
one. If
you want to email a link to say, driving directions on mapquest, the url
is
Thoughts?
Great. A litle perl-script does the dirty work.
Get EBay-Passwords, website-Logins, trojans, MP3s, warez,
strange pictures and tons of more or less funny stuff.
Strange, that noone noticed this lovely behaviour before.
--
Thomas Springer
TUEV ICS - IT-Security
_
on
> Sent: Wednesday, October 29, 2003 5:19 AM
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] TinyURL
>
>
> This is an information leak rather than a real vulnerability.
> I thought it might be of interest to others...
>
www.tinyurl.com is a website that will convert a
This is an information leak rather than a real vulnerability. I thought it
might be of interest to others...
www.tinyurl.com is a website that will convert a long url to a short one. If
you want to email a link to say, driving directions on mapquest, the url is
rather long and will get broken up.
25 matches
Mail list logo