[nycbug-talk] The Security Implications of URL Shortening Services

maddaemon at gmail.com maddaemon at gmail.com
Wed Apr 8 17:22:19 EDT 2009

On Sat, Apr 4, 2009 at 2:33 PM, Hans Zaunere <lists at zaunere.com> wrote:
>> http://unweary.com/2009/04/the-security-implications-of-url-shortening-
>> services.html
> To prevent wrap for future thread followers, here we go:
> http://tinyurl.com/dxk943
>> I post this because some people on this list (*ahem* George) love
>> tinyurl. I never understood why there's so much love for these
>> services. They introduce latency, obfuscate the target, and add a
>> layer of dependency: tinyurl, believe it or not, may go down!
>> Thoughts?
> unweary needed something to post about.
> I especially love the conclusion:
> "A hacker or spammer is empowered by using a "benign" URL shortening service
> that everyone uses and everyone trusts"
> If that's an advantage that hackers/spammers have then I'll sleep easier
> tonight.  And by that measure, it's also an advantage most search engines -
> like Google - have every time you click a search result.
> The fact is a destination URL is dangerous - if we want to continue the
> paranoia - whether you know the domain, path, etc. ahead of time or not.
> Perhaps a new service would convert the above link to:
> tiny.com/er32-unweary.com
> So at least the domain is visible.  But then again, that's not really safety
> either.
> H

Or you can use the preview feature, so you wind up with something like this:



<insert witty random quote here>

More information about the talk mailing list