[nycbug-talk] The Security Implications of URL Shortening Services
Hans Zaunere
lists at zaunere.com
Sat Apr 4 14:33:39 EDT 2009
> http://unweary.com/2009/04/the-security-implications-of-url-shortening-
> services.html
To prevent wrap for future thread followers, here we go:
http://tinyurl.com/dxk943
> I post this because some people on this list (*ahem* George) love
> tinyurl. I never understood why there's so much love for these
> services. They introduce latency, obfuscate the target, and add a
> layer of dependency: tinyurl, believe it or not, may go down!
>
> Thoughts?
unweary needed something to post about.
I especially love the conclusion:
"A hacker or spammer is empowered by using a "benign" URL shortening service
that everyone uses and everyone trusts"
If that's an advantage that hackers/spammers have then I'll sleep easier
tonight. And by that measure, it's also an advantage most search engines -
like Google - have every time you click a search result.
The fact is a destination URL is dangerous - if we want to continue the
paranoia - whether you know the domain, path, etc. ahead of time or not.
Perhaps a new service would convert the above link to:
tiny.com/er32-unweary.com
So at least the domain is visible. But then again, that's not really safety
either.
H
More information about the talk
mailing list