Difference between revisions of "1698: Theft Quadrants"

(Explanation: rearrange)
(Explanation: A couple additions, a little grammar fixing.)
Line 8: Line 8:
  
 
==Explanation==
 
==Explanation==
{{incomplete|How difficult is it to steal TinyURL, really? Is it a real problem?}}
+
{{incomplete|How difficult would it be to steal TinyURL, really? Is it a real problem?}}
  
 
This is a "{{w|Time_management#The_Eisenhower_Method|Eisenhower box}}" comparing how difficult it is to steal a specified thing with the severity of the theft.
 
This is a "{{w|Time_management#The_Eisenhower_Method|Eisenhower box}}" comparing how difficult it is to steal a specified thing with the severity of the theft.
  
It is hard to steal {{w|Gold Codes|nuclear launch codes}}. That's a good thing, too, since they could be used to start a {{w|Nuclear warfare|nuclear war}}.
+
It is very hard to steal {{w|Gold Codes|nuclear launch codes}}. They are protected by many layers of federal security. That's a good thing, too, since if they were stolen, they could be used to start a {{w|Nuclear warfare|nuclear war}}, which would be a very bad thing.{{Citation needed}}
  
 
It is also hard to steal the {{w|Crown Jewels of the United Kingdom|crown jewels}}, since they are protected by a [http://yeomenoftheguard.com/Windsor%20Castle.jpg complex security system]. But if they were stolen, it wouldn't be so bad for most people.
 
It is also hard to steal the {{w|Crown Jewels of the United Kingdom|crown jewels}}, since they are protected by a [http://yeomenoftheguard.com/Windsor%20Castle.jpg complex security system]. But if they were stolen, it wouldn't be so bad for most people.
  
It wouldn't be hard to steal the {{w|Wienermobile}} (a car shaped like a hot-dog, advertising the Oscar Mayer brand), and there would be little consequence if it were stolen.
+
It wouldn't be too hard to steal the {{w|Wienermobile}} (a car shaped like a hot-dog, advertising the Oscar Mayer brand), and there would be little consequence at all if it were stolen.
  
It wouldn't be hard to steal the {{w|TinyURL|tinyurl.com}} domain name, but the consequences of that could be significant.
+
However, it wouldn't be hard (or at least, not as hard as stealing nuclear launch codes or the crown jewels) to steal the {{w|TinyURL|tinyurl.com}} domain name, but the consequences of that could be significant.
  
TinyURL offer a url shortening service. They provide short URLs that redirect to long ones. This is useful if you want to write down a very long URL as it saves typing and is more accurate. Other companies including [https://bitly.com/ bit.ly] offer a similar service, as do [https://goo.gl/ Google] and Twitter. TinyURL was, for a while, the most popular of these URL shortening services. If their domain name were stolen, all the redirects from short URLs could be changed to forward traffic to sites hosting, for example, malware. This would have significant effects on a large number of people.
+
TinyURL offer a url shortening service. They provide short URLs that redirect to long ones. This is useful if you want to write down a very long URL as it saves typing and is more accurate. Other companies including [https://bitly.com/ bit.ly] offer a similar service, as do [https://goo.gl/ Google] and Twitter. TinyURL was, for a while, the most popular of these URL shortening services. If their domain name were stolen, all the redirects from short URLs could be changed to forward traffic to sites hosting, for example, malware. This would have significant effects on a large number of people, because TinyURL is used in many places both online and (as the title text notes) even sometimes offline.
  
Domain hijacking is relatively common. If a cracker can obtain personal information about the domain owner, they can impersonate them to the domain registrar, and obtain control of the domain, and with that control defraud a large number of people.
+
Domain hijacking is relatively common. If a cracker can obtain personal information about the domain owner, they can impersonate them to the domain registrar, and obtain control of the domain, and with that control defraud a large number of people. [Well-known examples?]
  
 
As the title text notes, sites can be particularly vulnerable if they do not maintain their web site, as the registrar is free then to sell the same domain to any third party. A [https://reports.internic.net/cgi/whois?whois_nic=tinyurl.com&type=domain whois search] as of June 2016 finds that the tinyurl.com domain is next due for renewal in June 2018.
 
As the title text notes, sites can be particularly vulnerable if they do not maintain their web site, as the registrar is free then to sell the same domain to any third party. A [https://reports.internic.net/cgi/whois?whois_nic=tinyurl.com&type=domain whois search] as of June 2016 finds that the tinyurl.com domain is next due for renewal in June 2018.
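Review bot: the "[Well-known examples?]" appended to the domain-hijacking paragraph is an editor's question left in the article body; either put it in the {{incomplete}} reason next to the existing TinyURL question or replace it with a sourced example. In the rewritten tinyurl.com sentence, "However, it wouldn't be hard (...) to steal ..., but the consequences" stacks two contrasting connectives, so drop the leading "However". The unchanged last paragraph still says "do not maintain their web site", where the lapse the title text describes concerns renewing the domain registration; this would be a good revision to correct that in as well.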

Revision as of 00:53, 25 June 2016

Theft Quadrants
Title text: TinyURL was the most popular link shortener for long enough that it made it into a lot of printed publications. I wonder what year the domain will finally lapse and get picked up by a porn site.

Explanation

This explanation may be incomplete or incorrect: How difficult would it be to steal TinyURL, really? Is it a real problem?
If you can address this issue, please edit the page! Thanks.

This is an "Eisenhower box" comparing how difficult it is to steal a specified thing with the severity of the theft.

It is very hard to steal nuclear launch codes. They are protected by many layers of federal security. That's a good thing, too, since if they were stolen, they could be used to start a nuclear war, which would be a very bad thing.[citation needed]

It is also hard to steal the crown jewels, since they are protected by a complex security system. But if they were stolen, it wouldn't be so bad for most people.

It wouldn't be too hard to steal the Wienermobile (a car shaped like a hot-dog, advertising the Oscar Mayer brand), and there would be little consequence at all if it were stolen.

However, it wouldn't be hard (or at least, not as hard as stealing nuclear launch codes or the crown jewels) to steal the tinyurl.com domain name, but the consequences of that could be significant.

TinyURL offers a URL shortening service: it provides short URLs that redirect to long ones. This is useful if you want to write down a very long URL, as it saves typing and is more accurate. Other companies, including bit.ly, offer a similar service, as do Google and Twitter. TinyURL was, for a while, the most popular of these URL shortening services. If its domain name were stolen, all the redirects from short URLs could be changed to forward traffic to sites hosting, for example, malware. This would have significant effects on a large number of people, because TinyURL is used in many places both online and (as the title text notes) even sometimes offline.

Domain hijacking is relatively common. If a cracker can obtain personal information about the domain owner, they can impersonate them to the domain registrar, and obtain control of the domain, and with that control defraud a large number of people. [Well-known examples?]

As the title text notes, sites can be particularly vulnerable if they do not maintain their web site, as the registrar is free then to sell the same domain to any third party. A whois search as of June 2016 finds that the tinyurl.com domain is next due for renewal in June 2018.

Randall has written about stealing the Wienermobile before in 935: Missed Connections.

Transcript

This explanation may be incomplete or incorrect: Added basic transcript. Please improve on it by editing it.
If you can address this issue, please edit the page! Thanks.
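Vertical axis: How hard thing would be to steal (Hard, Easy)
Horizontal axis: How bad it would be if someone stole it (Not that bad, Very bad)

Hard, Not that bad: The Crown Jewels
Hard, Very bad: The Nuclear Launch Codes
Easy, Not that bad: The Oscar Mayer Weinermobile
Easy, Very bad: The tinyurl.com Domain Name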



Discussion

Come to think of it, I haven't accidentally hit a porn site in years. Is Randall even referring to a real problem? Anyone remember whitehouse dot com? And for the record, kids, don't do porn. tbc (talk) 12:27, 24 June 2016 (UTC)

I think the sentences "It is hard to steal nuclear launch codes. And a good thing too since they could be used to start a nuclear war." are weird... to me on the first read it sounded like it is a good thing to steal them... 162.158.85.63

What is it with Randall and stealing wienermobiles? xkcd 935 173.245.52.62 15:12, 24 June 2016 (UTC)

I added it to the explanation, thanks! Elipongo (talk) 16:16, 24 June 2016 (UTC)
There's also a wienermobile in xkcd 1110 parked to the right of the Burj. 198.41.239.33 11:03, 27 June 2016 (UTC)

A somewhat similar thing really happened in one of the URL shortening services in Taiwan. This case is not that the domain is stolen; the problem is that its database storing shortened URL mappings, because of some mis-operation in converting database data, is rolled back and some shortened URLs are "double-booked." According to the announcement of the service, this affects over 234 thousand entries in the database. This leads PTT, the largest terminal-based bulletin board system in Taiwan, to ban shortened URLs from this service. --108.162.222.40 20:21, 24 June 2016 (UTC)

sites can be particularly vulnerable if they do not maintain their web site - what? You can have domain name without ANY web site at all. "lapse" likely refers to owners stopping paying. -- Hkmaly (talk) 11:09, 25 June 2016 (UTC)

(Trying again... the CAPTCHA is glitching out on me.) "It is also hard to steal the Crown Jewels, since they are protected by a complex security system." - The items that are the first linked items are not at the location the second link points to... 141.101.98.131 16:20, 25 June 2016 (UTC)

In line with the above comments: the whole section on the crown jewels and the wienermobile seem to miss the point and get hung up on very minor details. Stealing the crown jewels would make a few people fabulously rich, a few people significantly poorer (or jailed, or court-martialled, depending), but would hardly affect anyone else in real terms other than making millions of people - all around the world - very upset. Saying that Randall erroneously assumes that there would be little consequence to stealing the wienermobile is just silly: there is nothing erroneous about it since it could never have a material effect on more than a few individuals, and the possibility of someone being injured or killed during the robbery is irrelevant since it applies equally well to the nuclear or crown jewels options. 108.162.229.44 16:12, 26 June 2016 (UTC)

In regards to stealing tinyurl.com, I don't think it would actually be that easy. In the title text Randall suggests picking up the domain name when it expires. Because some domains were stolen that way in the past, ICANN has changed the rules for the major top-level-domains, including .com. Now, after a domain name expires, the original register has a 45 day auto-renew grace period where they can re-register it without penalty. If they miss that period, they have an additional 30 day grace period where it can be re-registered with a penalty. The domain name stops working when it initially expires so it would be nearly impossible for a company like tinyurl to get to the end of both grace periods without noticing and fixing the problem. These new rules make it effectively impossible for an organization to lose its domain name by failing to renew on a timely basis. Reference

Since Randall only mentioned domain expiration as the way it might be stolen, it is unclear whether or not he was considering a more direct domain name hijacking. I'm less familiar with how easy domain hijacking might be but considering that their entire business depends on their domain name, I can't imagine it would actually be that easy.

Regarding the current explanation (and has been pointed out already), saying that "sites can be particularly vulnerable if they do not maintain their web site" is very wrong. This has nothing to do with maintaining a website, and only has to do with maintaining their domain name. The website and domain name are two very different things, so this isn't just a matter of nitpicking. However, as I have explained above, the entire concept is no longer correct. There is now a grace period up to 75 days long for .com domains during which registrars are not allowed to sell the domain name to another third party. -- Cmancone (talk) (please sign your comments with ~~~~)
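The expiry timeline described in the comment above, worked through as an added example (not part of the original discussion, and not code from any registrar or registry): it reads the expiry field from WHOIS text and reports which renewal window a given date falls in. The 45- and 30-day periods are the commenter's figures; the WHOIS field labels, the sample record and the state names are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Periods as stated in the comment above (assumed here, not read from policy text).
AUTO_RENEW_GRACE = timedelta(days=45)  # re-register without penalty
PENALTY_GRACE = timedelta(days=30)     # re-register with a penalty

# Constructed WHOIS excerpt for a placeholder domain, not a real lookup result.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Updated Date: 2016-05-02T10:11:12Z
   Registry Expiry Date: 2018-06-15T04:00:00Z
"""

# Field labels are an assumption about the WHOIS layout being parsed.
EXPIRY_FIELD = re.compile(
    r"^\s*(?:Registry Expiry Date|Registrar Registration Expiration Date)"
    r":\s*(\S+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_expiry(whois_text):
    """Return the expiry timestamp (UTC) from WHOIS text, or raise ValueError."""
    match = EXPIRY_FIELD.search(whois_text)
    if match is None:
        raise ValueError("no expiry field found in WHOIS text")
    # fromisoformat() on older Pythons rejects a trailing 'Z'.
    stamp = datetime.fromisoformat(match.group(1).replace("Z", "+00:00"))
    if stamp.tzinfo is None:
        stamp = stamp.replace(tzinfo=timezone.utc)
    return stamp.astimezone(timezone.utc)

def renewal_state(expiry, now, warn=timedelta(days=60)):
    """Classify `now` against the expiry timeline; return (state, state_ends)."""
    auto_end = expiry + AUTO_RENEW_GRACE
    penalty_end = auto_end + PENALTY_GRACE
    if now < expiry - warn:
        return "ok", expiry - warn
    if now < expiry:
        return "renew-soon", expiry
    if now < auto_end:
        return "expired-auto-renew-grace", auto_end
    if now < penalty_end:
        return "expired-penalty-grace", penalty_end
    return "grace-exhausted", None

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(renewal_state(parse_expiry(SAMPLE_WHOIS), now))
```

Run from a scheduled job against the owner's own domains, anything other than "ok" is the point at which to alert.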

It might be a lot easier than you think to steal the launch codes. For nearly 20 years the USA's launch code was 00000000. 162.158.255.135 22:51, 27 June 2016 (UTC)

Be honest: if you were to guess the launch codes, would you have guessed that? Phineas81707 (talk) 14:11, 28 June 2016 (UTC)

This is a bit of a style guide comment: can we please leave the Citation Needed Joke out of "nuclear war is bad"? The joke worked in our explanation of 180: Canada because it was related to the comic itself. Here, not so much. 162.158.255.127 01:43, 30 June 2016 (UTC)

The description seems to assume that “printed publication” means “offline articles”. It also means “scientific article which passed peer-review”, hence a joke, as a serious scientific paper may be discredited as potentially redirecting to porn websites. Does anyone also share my interpretation? Greatfermat (talk) 16:14, 2 November 2016 (UTC)

https://tinyurl.com/Theft-Quadrants Opalzukor (talk) 15:31, 3 March 2021 (UTC)

Guise! It finally happened! It's getting patched rapidly. https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn 172.70.82.142 02:04, 23 July 2021 (UTC)

I'm sceptical about just how bad stealing the launch codes would really be; there's a lot of procedure beyond just having the right codes, and they change them every day anyway so your window is really small. 172.70.117.92 21:17, 24 July 2021 (UTC)