undefined | Better HN

0 pointspritambarhate4y ago0 comments

>> which you can easily brute-force

It will results in a very high number of 404s. These can be monitored and the origin IPs can be banned.

0 comments

2^10 is 1024, so hundreds of requests. Not a very high number. And since it’s a counter, even less. Easy to disguise; the official app is likely to do more requests in a one-minute session. And obviously, sophisticated attackers aren’t limited to one IP.

I’m suspecting you meant “easily guessable” in the human sense, not the cryptographic/security sense. My bad if I misunderstood you. Again, I’m not saying Instagram has any security problem, I’m just saying that this ID scheme in particular isn’t a security feature.

j / k navigate · click thread line to collapse

0 pointspritambarhate4y ago0 comments

>> which you can easily brute-force

It will results in a very high number of 404s. These can be monitored and the origin IPs can be banned.

0 comments

codeflo4y ago

j / k navigate · click thread line to collapse