Difference between revisions of "1698: Theft Quadrants"

Explain xkcd: It's 'cause you're dumb.
Jump to: navigation, search
(Explanation)
(Explanation)
Line 19: Line 19:
  
 
Tinyurl offer a url shortening service. They provide short urls that redirect to long ones. This is useful if you want to write down a very long url as it saves typing and is more accurate. Other companies including bit.ly offer a similar service, as do Google and Twitter. Tinyurl was, for a while, the most popular of these url shortening services. If their domain name were stolen, all the redirects from short URLs could be changed to forward traffic to sites hosting malware. This would have significant effects on a large number of people.
 
Tinyurl offer a url shortening service. They provide short urls that redirect to long ones. This is useful if you want to write down a very long url as it saves typing and is more accurate. Other companies including bit.ly offer a similar service, as do Google and Twitter. Tinyurl was, for a while, the most popular of these url shortening services. If their domain name were stolen, all the redirects from short URLs could be changed to forward traffic to sites hosting malware. This would have significant effects on a large number of people.
 +
 +
Domain hijacking is relatively common. If a hacker can obtain personal information about the domain owner, they can impersonate them to the domain registrar, and obtain control of the domain, and with that control defraud a large number of people.
  
 
==Transcript==
 
==Transcript==

Revision as of 12:50, 24 June 2016

Theft Quadrants
TinyURL was the most popular link shortener for long enough that it made it into a lot of printed publications. I wonder what year the domain will finally lapse and get picked up by a porn site.
Title text: TinyURL was the most popular link shortener for long enough that it made it into a lot of printed publications. I wonder what year the domain will finally lapse and get picked up by a porn site.

Explanation

Ambox notice.png This explanation may be incomplete or incorrect: Created by a BOT - Please change this comment when editing this page.
If you can address this issue, please edit the page! Thanks.

It is hard to steal nuclear launch codes. And a good thing too since they could be used to start a nuclear war.

It is also hard to steal the Crown Jewels, since they are protected by a complex security system. But if they were stolen, it wouldn't be so bad for most people.

It wouldn't be hard to steal the Weinermobile (a car shaped like a hot-dog, advertising the Oscar Mayer brand), and there would be little consequence if it were stolen.

It wouldn't be hard to steal the Tinyurl domain name, but the consequences of that could be significant.

Tinyurl offer a url shortening service. They provide short urls that redirect to long ones. This is useful if you want to write down a very long url as it saves typing and is more accurate. Other companies including bit.ly offer a similar service, as do Google and Twitter. Tinyurl was, for a while, the most popular of these url shortening services. If their domain name were stolen, all the redirects from short URLs could be changed to forward traffic to sites hosting malware. This would have significant effects on a large number of people.

Domain hijacking is relatively common. If a hacker can obtain personal information about the domain owner, they can impersonate them to the domain registrar, and obtain control of the domain, and with that control defraud a large number of people.

Transcript

Ambox notice.png This transcript is incomplete. Please help editing it! Thanks.


comment.png add a comment! ⋅ comment.png add a topic (use sparingly)! ⋅ Icons-mini-action refresh blue.gif refresh comments!

Discussion

Come to think of it, I haven't accidentally hit a porn site in years. Is Randall even referring to a real problem? Anyone remember whitehouse dot com? And for the record, kids, don't do porn. tbc (talk) 12:27, 24 June 2016 (UTC)

I think the sentences "It is hard to steal nuclear launch codes. And a good thing too since they could be used to start a nuclear war." are weird... to me on the first read it sounded like it is a good thing to steal them... 162.158.85.63

What is it with Randall and stealing wienermobiles? xkcd 935 173.245.52.62 15:12, 24 June 2016 (UTC)

I added it to the explanation, thanks! Elipongo (talk) 16:16, 24 June 2016 (UTC)
There's also a wienermobile in xkcd 1110 parked to the right of the Burj. 198.41.239.33 11:03, 27 June 2016 (UTC)

A somewhat similar thing really happened in one of the URL shortening services in Taiwan. This case is not that the domain is stolen; the problem is that its database storing shortened URL mappings, because of some mis-operation in converting database data, is rolled back and some shortened URLs are "double-booked." According to the announcement of the service, this affects over 234 thousand entries in the database. This leads to PTT, the largest terminal-based bulletin board system in Taiwan, bans shortened URLs from this service. --108.162.222.40 20:21, 24 June 2016 (UTC)

sites can be particularly vulnerable if they do not maintain their web site - what? You can have domain name without ANY web site at all. "lapse" likely refers to owners stopping paying. -- Hkmaly (talk) 11:09, 25 June 2016 (UTC)

(Trying again... the CAPTCHA is glitching out on me.) "It is also hard to steal the Crown Jewels, since they are protected by a complex security system." - The items that are the first linked items are not at the location the second link points to... 141.101.98.131 16:20, 25 June 2016 (UTC)

In line with the above comments: the whole section on the crown jewels and the wienermobile seem to miss the point and get hung up on very minor details. Stealing the crown jewels would make a few people fabulously rich, a few people significantly poorer (or jailed, or court-martialled, depending), but would hardly affect anyone else in real terms other than making millions of people - all around the world - very upset. Saying that Randall erroneously assumes that there would be little consequence to stealing the wienermobile is just silly: there is nothing erroneous about it since it could never have a material effect on more than a few individuals, and the possibility of someone being injured or killed during the robbery is irrelevant since it applies equally well to the nuclear or crown jewels options. 108.162.229.44 16:12, 26 June 2016 (UTC)

In regards to stealing tinyurl.com, I don't think it would actually be that easy. In the title text Randall suggests picking up the domain name when it expires. Because some domains were stolen that way in the past, ICANN has changed the rules for the major top-level-domains, including .com. Now, after a domain name expires, the original register has a 45 day auto-renew grace period where they can re-register it without penalty. If they miss that period, they have an additional 30 day grace period where it can be re-registered with a penalty. The domain name stops working when it initially expires so it would be nearly impossible for a company like tinyurl to get to the end of both grace periods without noticing and fixing the problem. These new rules make it effectively impossible for an organization to lose its domain name by failing to renew on a timely basis. Reference

Since Randall only mentioned domain expiration as the way it might be stolen, it is unclear whether or not he was considering a more direct domain name hijacking. I'm less familiar with how easy domain hijacking might be but considering that their entire business depends on their domain name, I can't imagine it would actually be that easy.

Regarding the current explanation (and has been pointed out already), saying that "sites can be particularly vulnerable if they do not maintain their web site" is very wrong. This has nothing to do with maintaining a website, and only has to do with maintaining thei domain name. The website and domain name are two very different things, so this isn't just a matter of nitpicking. However, as I have explained above, the entire concept is no longer correct. There is now a grace period up to 75 days long for .com domains during which registrars are not allowed to sell the domain name to another third party. -- Cmancone (talk) (please sign your comments with ~~~~)

It might be a lot easier than you think to steal the launch codes. For nearly 20 years the USA's launch code was 00000000. 162.158.255.135 22:51, 27 June 2016 (UTC)

Be honest: if you were to guess the launch codes, would you have guessed that? Phineas81707 (talk) 14:11, 28 June 2016 (UTC)

This is a bit of a style guide comment: can we please leave the Citation Needed Joke out of "nuclear war is bad"? The joke worked in our explanation of 180: Canada because it was related to the comic itself. Here, not so much. 162.158.255.127 01:43, 30 June 2016 (UTC)

The description seems to assume that “printed publication” means “offline articles”. It also means “scientific article which passed peer-review”, hence a joke as serious scientific paper may be discredited as potentially redirecting to porn websites. Does anyone also share my interpretation? Greatfermat (talk) 16:14, 2 November 2016 (UTC)

https://tinyurl.com/Theft-Quadrants Opalzukor (talk) 15:31, 3 March 2021 (UTC)

Guise! It finally happened! It's getting patched rapidly. https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn 172.70.82.142 02:04, 23 July 2021 (UTC)

I'm sceptical about just how bad stealing the launch codes would really be; there's a lot of procedure beyond just having the right codes, and they change them every day anyway so your window is really small. 172.70.117.92 21:17, 24 July 2021 (UTC)