[nycbug-talk] The Security Implications of URL Shortening Services

Hans Zaunere lists at zaunere.com
Sat Apr 4 14:33:39 EDT 2009


> http://unweary.com/2009/04/the-security-implications-of-url-shortening-
> services.html

To prevent wrap for future thread followers, here we go:

http://tinyurl.com/dxk943

> I post this because some people on this list (*ahem* George) love
> tinyurl. I never understood why there's so much love for these
> services. They introduce latency, obfuscate the target, and add a
> layer of dependency: tinyurl, believe it or not, may go down!
> 
> Thoughts?

unweary needed something to post about.

I especially love the conclusion:

"A hacker or spammer is empowered by using a "benign" URL shortening service
that everyone uses and everyone trusts"

If that's an advantage that hackers/spammers have then I'll sleep easier
tonight.  And by that measure, it's also an advantage most search engines -
like Google - have every time you click a search result.

The fact is a destination URL is dangerous - if we want to continue the
paranoia - whether you know the domain, path, etc. ahead of time or not.

Perhaps a new service would convert the above link to:

tiny.com/er32-unweary.com

So at least the domain is visible.  But then again, that's not really safety
either.

H




