What secrets might I want to monitor with URL Canary?
Email inboxes, other private messages
Put an email in an important person's inbox with an enticing subject and URL
(e.g. "Banking login" at "https://private.yourcompany.com/banking-login-2018.txt").
If the inbox gets compromised and the attacker tries to visit the URL, your security team will receive
an alert containing the IP address and User-Agent of the attacker, and you can investigate the breach.
Similar tactics work on any communications platform where the compromise of historical messages
might be damaging (Slack, Skype, Hipchat, WhatsApp, Facebook Messenger, ...).
Put a shortcut on the desktop with an enticing name and icon, that is a hyperlink
to a convincing URL. If the computer is either stolen unenecrypted, or remotely-compromised,
and the attacker tries to follow the shortcut, your security team receive an alert and you
Internal wiki, bug tracker
Hide a compelling paragraph or two, containing likely search terms (password, backup, keys, etc.)
in obscure places in your wiki, bug tracker, or other
source of information, along with a URL Canary. If authorised users stumble across the information,
you'll be able to see that the access came from an authorised computer. If an attacker finds it while
searching for information, and visits the URL, your security team receive an alert and you
Source code repositories, database backups
Put a file with an irresistible name in your code repositories and database backups, with believable
contents and a URL Canary. If an attacker
gains access to the data, and visits the URL, your security team receive an alert and you can investigate.
Create a 1Password vault purporting to show a URL that contains additional authentication information.
If an attacker gains access to the vault and follows the URL, your security team receive an alert
and you can investigate.
Physical safes, safe deposit boxes, private drawers
It's not limited to digital information: physically writing a URL Canary down on a sheet of paper
is likely to attract the interest of anybody (from casual theft to corporate espionage) who gains
unauthorised access to the location. If the thief visits the URL, your security team receive an alert
and you can investigate.
Any other private information, physical or digital
You can put a URL Canary anywhere that has enough storage space to store a URL. If the URL is ever accessed,
you will know that somebody has gained access to that storage space. Be it a database backup, a locked box,
a personal diary, or anything else. It is of course possible that an attacker would be wary that the URL
is a canary and opt not to visit it. In such case, you're no worse off than you would have been if the URL
Canary wasn't there at all.