Site url – Past Torrent (http://pasttorrent.com/)

Accessing Google Drive using an inadvertently revealed long URL may violate the Computer Fraud and Abuse Act
Fri, 17 Jun 2022 22:19:26 +0000 · https://pasttorrent.com/accessing-google-drive-using-an-inadvertently-revealed-long-url-may-violate-the-computer-fraud-and-abuse-act/

From Greenburg vs. Wray, decided yesterday by Judge Douglas Rayes (D. Ariz.) (key legal point highlighted):

Amanda Wray runs a 2,000-member Facebook group… “dedicated to spreading anti-mask policies, anti-vaccine policies, anti-LGBTQ policies, and anti-Critical Race Theory policies within the Scottsdale Unified School District.” … The son of the applicant [Mark Greenburg] is a member of…the elected governing body that runs Scottsdale Unified School District #48….

In response to the activities of the defendants [Wray and her husband] and the Facebook group, the plaintiff began collecting information about them, including photographs, video footage, third-party chats about them, personal comments and thoughts, and political memes. The plaintiff stored these recordings on his personal “Google Drive” server. The plaintiff specifically shared access to the server with three people (including the plaintiff’s son), who could access the server by logging into their own password-protected Google accounts. Although the requester didn’t realize it at the time, his Google Drive sharing settings also allowed anyone to access the server by entering the exact URL.

In 2021, the plaintiff’s son was charged with defamation. He responded to his accuser by emailing “13 photographs of public Facebook comments made by his accuser, some of which were stored on the server.” One of the photographs displayed the Google Drive URL, and this photograph came into Amanda’s possession, where she noticed the URL and asked a third party to hyperlink to the URL. Once provided, she clicked on it to access the Google Drive. She reviewed, uploaded, deleted, added, rearranged, renamed and publicly disclosed content from Google Drive.

The plaintiff learned of the access and hired a team of computer forensic consultants to conduct a damage assessment. He then sued the defendants under the Computer Fraud and Abuse Act…, alleging a loss of at least $5,000….

To “successfully bring an action under 18 USC § 1030(g) based on a violation of 18 USC § 1030(a)(2)”, the plaintiff must allege that the defendants:

(1) intentionally accessed a computer, (2) without authorization or exceeding authorized access, and (3) thereby obtained information (4) from any protected computer (if the conduct involved interstate or foreign communication), and that (5) there has been a loss to one or more persons during a period of one year aggregating a value of at least $5,000.

Citing hiQ Labs, Inc. vs. LinkedIn Corp. (9th Cir. 2022), defendants argue that plaintiff did not allege that Amanda accessed Google Drive without permission. In hiQ, a data analysis company, hiQ, collected data on public LinkedIn profiles, data indexed by search engines. LinkedIn discovered this, sent hiQ a cease and desist letter, and imposed technical measures to prevent the public profile data from being deleted. But hiQ didn’t stop and instead sought a declaratory judgment that LinkedIn “could not legally invoke the CFAA” against it for deleting data found on LinkedIn’s public profiles. Id. Ultimately, the Ninth Circuit determined that the scraping of hiQ’s data did not fall within the scope of the CFAA because “anyone with a web browser” could access the data.

In review, the Ninth Circuit held that “the prohibition on unauthorized access is properly understood to apply only to private information – information defined as private through the use of an authorization requirement of any kind”. Thus, for a website to fall under CFAA protection, it must have erected “limited access”. And while “anyone with a browser” could access the website, there were no access limitations.

It’s a close call. Plaintiff acknowledges that the portion of Google Drive accessed by Amanda was not password protected; the requester had inadvertently enabled the setting allowing anyone with the URL to access the site. But, the plaintiff alleges that this parameter did not in itself make Google Drive public, since the URL was a 68-character string.

Also, Google Drive was not indexed by any search engine, unlike the website in hiQ. Therefore, it wasn’t just “anyone with a browser” who could stumble upon Google Drive while searching the web – the internet user wishing to access Google Drive had to get the exact URL in the browser. In the eyes of the Court, the plaintiff alleges that Google Drive had limitations and therefore people trying to access it needed permission.

The plaintiff alleges that disclosing the URL – the limitation – did not grant Amanda permission to access Google Drive. He claims the disclosure was made inadvertently. As the Ninth Circuit recognized, inadvertent disclosure of the means surrounding an access limitation does not in itself grant authorization. Plaintiff has sufficiently pleaded the elements of a violation of 18 USC § 1030(a)(2).

Defendants then argue that Plaintiff’s claims of $5,000 in damages are too conclusive to state a claim. Not so. The plaintiff alleges that Amanda accessed Google Drive without permission, causing changes to the files stored there, and that he had to hire a forensic IT team to determine the extent of the damage, which he claims, cost at least $5,000. The plaintiff is not required to provide itemized receipts at the pleading stage….

What is a URL? + How do they work?
Thu, 09 Jun 2022 10:32:34 +0000 · https://pasttorrent.com/what-is-a-url-how-do-they-work/

Did someone just ask you for a URL and you have no idea what they’re referring to? Allow us to explain what they are asking…


Sometimes people like to look smart.

They often do this using alternate words that you may not be familiar with.

While the word in question may also relate to the industry the person works in – if they work in IT, “URL” may often be a more appropriate word – there is usually a much clearer way to refer to what a URL is.

The majority of us use them every day, but at no point while using them is there any indication that they are referred to as a “URL”, so let us clarify that for you…

What is a URL?

A Uniform Resource Locator, or URL, is a method of identifying the location of a resource on the web. It is what we use to access web pages as well as to download photos, movies, software applications and other types of items stored on a server.

Double-clicking a file on your PC opens it, but we need to use URLs to access files on remote systems, such as web servers, so our web browser understands where to look.

In many cases, “URL” is used instead of “web address“, so a URL can be as simple as a standard web address, such as “https://www.knowyourmobile.com/”.

So unless someone asks for the URL of a specific image on the web, you can usually get away with linking them to the website.

Examples of URLs

As of this writing, the URL is obviously not live yet, but if you look at your address bar, you’ll see the URL looks like:

“https://www.knowyourmobile.com/user-guides/what-is-a-url-how-do-they-work/”

Or at least, now I’m going to make sure it is.

This is a base URL that locates the exact page you are currently viewing.

However, a URL can be much more specific, like:

“https://www.knowyourmobile.com/wp-content/uploads/2022/04/joe-rogan-morning-routine.jpg”

Look, it’s Joe Rogan! Here’s the URL if you’d like to learn more about his morning routine (it’s as active as you’d imagine):

“https://www.knowyourmobile.com/news/joe-rogans-morning-routine-is-as-active-as-youd-imagine/”

How is a URL structured?

Each part of a URL serves a specific purpose – it’s far from just random code.

Here’s how the Joe Rogan photo URL can be broken down:

  • “https://” is the protocol that defines the type of server you are communicating with.
  • “knowyourmobile” is the domain name or website name.
  • “.com” is the TLD or “top level domain”, similar to “.co.uk”, “.net” and others.
  • “wp-content/uploads/2022/04” designates the web page or file directory. These are the actual directories you need to browse on the web server to locate the file specified by this URL.
  • “joe-rogan-morning-routine.jpg” is the file itself that the URL points to.

URL syntax information

A URL can only contain letters, numbers and the following characters: ( ) ! $ - ' * + .

Other characters must be encoded before they can be used. Some URLs have parameters that separate them from other variables.

Whether URL text is uppercase or lowercase is important in certain parts of a URL, especially everything after the domain name (directories and filename).

A question mark in a URL marks the start of parameters passed to a script on the server. In a Google search URL, for example, it means you want to submit a particular command to a script hosted on Google’s server in order to receive personalized results.

Anything placed after the ?q= section of the URL is detected as a search term by the particular script that Google uses to perform searches. So anything typed at this point in the URL is used to search on Google’s search engine.

After a question mark, one or more ampersands are used in URLs that use multiple variables.

The question mark will precede the first variable, but the next variable, fields-keywords, will be preceded by an ampersand. An ampersand would also be used to separate other variables. “I’m looking for this? &this &this &this”.

Depending on the context, some URLs can switch between arguments. Adding a timestamp to a YouTube video is a good example. An ampersand is required for some connections, while a question mark is required for others.

Anchors can also be used in URLs. These are found at the end of the URL and describe where on the page the link will take you when you click on it. The pound sign (#) is used to create anchors when adding links to a web page.

Striking facts about URLs

Sad that our URL discussion is coming to an end? Don’t worry, we’ve prepared some fun facts about URLs before we part with this discussion.

Buckle up!

  • Some URLs are quite long and complicated, and it is advisable to click on them as links or copy/paste them into your browser’s address bar. A 400-series HTTP status code issue, the most common of which is a 404 error, can be caused by a typo in a URL.
  • The port number is not required in most URLs. It is possible to open google.com by adding the port number at the end, such as http://www.google.com:80, although this is not required. You can visit the page by changing the port to 8080 if the website was running on that port.
  • If a URL points to a file that your web browser can display, such as a JPG image, you don’t need to download it to your machine to view it. You will be asked to download files that are not normally displayed in the browser, such as PDFs and DOCX files, including EXE files.
  • FTP sites use port 21 by default, although some may use port 22 or something else. If the FTP site does not use port 21, you must specify which port it uses in order to connect correctly to the server. The same principle applies to any URL that uses a port other than the one the program used to access it expects by default.

Jake McEvoy

Jake is a lifelong professional writer, journalist, and tech enthusiast. He covers KnowYourMobile news and user guides.

Evasive phishing mixes reverse tunnels and URL shortening services
Sun, 05 Jun 2022 15:06:01 +0000 · https://pasttorrent.com/evasive-phishing-mixes-reverse-tunnels-and-url-shortening-services/

Security researchers are seeing an increase in the use of reverse tunnel services as well as URL shorteners for large-scale phishing campaigns, making malicious activity harder to stop.

This practice is a departure from the more common method of registering domains with hosting providers, who are likely to respond to complaints and take down phishing sites.

With reverse tunnels, hackers can host phishing pages locally on their own computers and route connections through the external service. By using a URL shortening service, they can generate new links as often as they want to bypass detection.

Many phishing links refresh in less than 24 hours, which makes tracking and removing domains more difficult.

Abuse of service

Digital risk protection firm CloudSEK has seen an increase in the number of phishing campaigns that combine reverse tunneling and URL shortening services.

In a report shared by the company with BleepingComputer, researchers claim to have found more than 500 sites hosted and distributed in this way.

The most widely abused reverse tunnel services that CloudSEK found in their research are Ngrok, LocalhostRun, and Cloudflare’s Argo. They also found that URL shortening services Bit.ly, is.gd and cutt.ly were more prevalent.

Reverse tunnel services shield the phishing site by handling all connections to the local server it is hosted on. This way, any incoming connection is resolved by the tunnel service and forwarded to the local machine.

The modus operandi of phishing actors (CloudSEK)

Victims who interact with these phishing sites end up storing their sensitive data directly on the attacker’s computer.

By using URL shorteners, the threat actor hides the URL name, which is usually a string of random characters, CloudSEK explains. Thus, a domain name that would arouse suspicion is hidden in a short URL.

According to CloudSEK, adversaries distribute these links via popular communication channels such as WhatsApp, Telegram, emails, text messages or fake social media pages.

It should be noted that the misuse of these services is not new. For example, Cyble presented Ngrok abuse evidence in February 2021. However, according to CloudSEK’s findings, the problem is getting worse.

Cases detected

An example of a phishing campaign abusing these services that CloudSEK detected was the impersonation of YONO, a digital banking platform offered by the State Bank of India.

Locally hosted YONO phishing site (CloudSEK)

The URL set by the attacker was hidden behind “cutt[.]ly/UdbpGhs” and led to the domain “ultimate-boy-bacterial-generates[.]trycloudflare[.]com/sbi” which used Cloudflare’s Argo tunneling service.

This phishing page asked for bank account credentials, PAN card numbers, Aadhaar unique ID numbers and mobile phone numbers.

CloudSEK did not share the effectiveness of this campaign, but points out that threat actors rarely use the same domain name for more than 24 hours, despite recycling phishing page templates.

“Even if a URL is flagged or blocked, hackers can easily host another page, using the same pattern” – CloudSEK

Sensitive information collected this way can be sold on the dark web or used by attackers to drain bank accounts. If the data comes from a company, the threat actor could use it to launch ransomware attacks or Business Email Compromise (BEC) fraud.

To protect against this type of threat, users must avoid clicking on links from unknown or suspicious sources. Manually typing a bank’s domain name into the browser is a good method to avoid being exposed to a fake website.
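One way a defender could triage links against the shortener-to-tunnel pattern described above, as an added example (not code from CloudSEK or the article): it classifies a URL's host as one of the shorteners the article names or as a reverse-tunnel endpoint, and flags a redirect chain that goes from one to the other. Only trycloudflare.com comes from the article; the ngrok.io and localhost.run suffixes and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Shorteners named in the article.
SHORTENERS = {"bit.ly", "is.gd", "cutt.ly"}
# Tunnel host suffixes. trycloudflare.com appears in the article's YONO case;
# the other two are assumptions and should be checked against each service.
TUNNEL_SUFFIXES = {
    "trycloudflare.com": "Cloudflare Argo",
    "ngrok.io": "Ngrok",              # assumed suffix
    "localhost.run": "LocalhostRun",  # assumed suffix
}

def refang(text):
    """Undo common defanging ('[.]', 'hxxp') in memory so the URL parses."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def host_of(url):
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host after a scheme
    return (urlsplit(url).hostname or "").rstrip(".")

def classify(url):
    """Return (kind, detail): kind is 'shortener', 'tunnel' or 'other'."""
    host = host_of(url)
    bare = host[4:] if host.startswith("www.") else host
    if bare in SHORTENERS:
        return ("shortener", bare)
    for suffix, service in TUNNEL_SUFFIXES.items():
        # Match on a label boundary so 'trycloudflare.com.example.net'
        # and 'nottrycloudflare.com' are not treated as tunnel hosts.
        if host == suffix or host.endswith("." + suffix):
            return ("tunnel", service)
    return ("other", host)

def flag_chain(hops):
    """hops: URLs in the order a redirect was followed (e.g. from proxy logs).
    True when a shortener hop is followed by a reverse-tunnel hop."""
    kinds = [classify(h)[0] for h in hops]
    return "shortener" in kinds and "tunnel" in kinds[kinds.index("shortener"):]

# The defanged pair quoted in the article, kept defanged in the source.
SAMPLE_CHAIN = [
    "cutt[.]ly/UdbpGhs",
    "ultimate-boy-bacterial-generates[.]trycloudflare[.]com/sbi",
]

if __name__ == "__main__":
    for hop in SAMPLE_CHAIN:
        print(hop, "->", classify(hop))
    print("shortener-to-tunnel chain:", flag_chain(SAMPLE_CHAIN))
```

Because the links rotate in under 24 hours, matching on the service suffix rather than the full hostname is what keeps a rule like this useful after the individual URL has been replaced.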

Yet Another Zero Day (Sort Of) In Windows “Search URL” Handling – Naked Security
Thu, 02 Jun 2022 19:39:57 +0000 · https://pasttorrent.com/yet-another-zero-day-sort-of-in-windows-search-url-handling-naked-security/

Just as the dust was beginning to settle on the oddly named Follina vulnerability…

…came another zero-day Windows security flaw.

Kind of.

We’re not convinced this one is as dramatic or as dangerous as some of the headlines seem to suggest (which is why we’ve carefully added the words “sort of” above), but we’re not surprised that researchers are currently looking for new ways to abuse the many types of proprietary URLs in Windows.