The (in)security of File Hosting Services
Abstract
File hosting services (FHSs) are used daily by thousands of people as a way of storing and sharing files.These services normally rely on a security-throughobscurity approach to enforce access control: For each uploaded file, the user is given a secret URI that she can share with other users of her choice.In this paper, we present a study of 100 file hosting services and we show that a significant percentage of them generate secret URIs in a predictable fashion,allowing attackers to enumerate their services and access their file list. Our experiments demonstrate how an attacker can access hundreds of thousands of files in a short period of time, and how this poses a very big risk for the privacy of FHS users. Using a novel approach, we also demonstrate that attackers are aware of these vulnerabilities and are already exploiting them to get access to other users’files. Finally we present SecureFS, a client-side protection mechanism which can protect a user’s files when uploaded to insecure FHSs, even if the files end up in the possession of attackers.
Download: PDF
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “Exposing the Lack of Privacy in File Hosting Services”
Leave a reply