Tom Van Vleck tells an interesting story about how the choice of project names can reveal unintended information. (H/T Making Light)
There is a similar attack that sometimes occurs on Web sites. Someone notices that their order confirmation page URL is something like example.com/orders/10023993 and wonders what happens if they try to access example.com/orders/10023994.
Solving the problem for order numbers is easy - a simple MAC (message authentication code) will suffice. It is easy to create a sparsely populated set of machine-readable identifiers. Solving the problem for human-memorable phrases is much harder.
Perhaps one way to go would be to take article titles from Wikipedia (there are a couple of million).
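The MAC approach for order numbers mentioned above, as an added example that is not code from the original post: the order number in the URL carries a truncated HMAC-SHA256 tag, so neighbouring numbers cannot be guessed. The key, the 96-bit tag length, the `/orders/<id>-<tag>` layout and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption): a real deployment uses a random,
# server-side secret that never appears in source control.
SECRET_KEY = b"demo-key-not-for-production"
TAG_BYTES = 12  # 96-bit truncated tag; encodes to 16 base64url chars, no padding


def _tag(order_id: int) -> str:
    """HMAC-SHA256 over the canonical decimal order number, truncated."""
    mac = hmac.new(SECRET_KEY, str(order_id).encode("ascii"), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()[:TAG_BYTES]).decode("ascii")


def order_path(order_id: int) -> str:
    """Build the confirmation path, e.g. /orders/10023993-<tag>."""
    return f"/orders/{order_id}-{_tag(order_id)}"


def parse_order_path(path: str):
    """Return the order id if the tag verifies, otherwise None."""
    prefix = "/orders/"
    if not path.startswith(prefix):
        return None
    number, sep, tag = path[len(prefix):].partition("-")
    # Require a tag and plain ASCII digits in the number.
    if not sep or not (number.isascii() and number.isdigit()):
        return None
    order_id = int(number)
    # Reject non-canonical spellings such as leading zeros, so each order
    # has exactly one valid URL.
    if str(order_id) != number:
        return None
    # Constant-time comparison avoids leaking how many tag characters matched.
    if not hmac.compare_digest(tag.encode("utf-8"), _tag(order_id).encode("ascii")):
        return None
    return order_id


if __name__ == "__main__":
    good = order_path(10023993)
    print(good, "->", parse_order_path(good))
    # Incrementing the number while reusing the old tag fails verification.
    guessed = good.replace("10023993", "10023994", 1)
    print(guessed, "->", parse_order_path(guessed))
```

The tag stops guessing of neighbouring order numbers; the link still works for anyone who holds it, so it does not replace checking which customer is logged in.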
Wednesday, September 26, 2007
Project Names and Borges Numbers