A warning on shortened URL's

Started by DorsetBoy, Dec 01, 2010, 08:15:24

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

DorsetBoy

Dec 01, 2010, 08:15:24
Several sites/forums I use are now banning the use/posting of shortened or masked URL's as they are now a much used source of malicious redirects to infected pages and worms.

This is a masked URL, how do you know it is safe to click? ( this one is safe)

On Facebook, Twitter and many forums you also see shortened URL's created using tinyurl  ( and others ) and it is habit to just click the link but do you know where you are being directed to?


http://security.thejoshmeister.com/2009/04/how-to-preview-shortened-urls-tinyurl.html   joshmeister gives some help on how to check the link before you jump in, it may well save your system from attack.

zappaDPJ

#1
Dec 01, 2010, 08:21:35
By coincidence I never do that because I'm too lazy but I actually made the effort and did it today with my forum upgrade announcement ;D




And now all your passwords are mine :muahaha:

More seriously that's very good advice :)
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

D-Dan

#2
Dec 01, 2010, 09:43:19
I have the Greasemonkey script installed (I chose the script so that I could examine the source to make sure it wasn't doing anything untoward), which will show the expanded URL in a tooltip type popup when you mouseover. Very useful :)

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

Rik

#3
Dec 01, 2010, 09:50:52
I've always felt wary of 'obscured URLs'. I like to know where I'm being taken so I can decide if I want to go there.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Technical Ben

#4
Dec 01, 2010, 09:53:31
I don't mind for forum links, as I always look at the info bar at the bottom of the browser. But I understand for tinyurls. Perhaps Tiny url companies could use a redirect page with a "yes/no" button. Then as long as the link is "www.tinyurlwetrust.com" and not some other site, you know you can trust them?
I use to have a signature, then it all changed to chip and pin.

Rik

#5
Dec 01, 2010, 09:57:46
Good idea, Ben. Quick, patent it. ;)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Tacitus

#6
Dec 02, 2010, 09:37:48
I've got GreaseMonkey installed but I can't find the script you refer to despite trawling their script site....   Most of the expander scripts (eg Xpndit!) decode to a separate window rather than as a mouseover.

D-Dan

#7
Dec 02, 2010, 09:43:00
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

Technical Ben

#8
Dec 02, 2010, 10:07:26
Quote from: Rik on Dec 01, 2010, 09:57:46
Good idea, Ben. Quick, patent it. ;)
Well Open DNS and Firefox/IE do similar already with attack sites saying "do you wish to continue, may contain a virus". So why not Tinyurl as well? "Do you wish to continue to www.ebay.com"
I use to have a signature, then it all changed to chip and pin.
Print
Go Up Pages1
User actions