A warning on shortened URL's

Started by DorsetBoy, Dec 01, 2010, 08:15:24

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

DorsetBoy

Several sites/forums I use are now banning the use/posting of shortened or masked URL's as they are now a much used source of malicious redirects to infected pages and worms.

This is a masked URL, how do you know it is safe to click? ( this one is safe)

On Facebook, Twitter and many forums you also see shortened URL's created using tinyurl  ( and others ) and it is habit to just click the link but do you know where you are being directed to?


http://security.thejoshmeister.com/2009/04/how-to-preview-shortened-urls-tinyurl.html   joshmeister gives some help on how to check the link before you jump in, it may well save your system from attack.

zappaDPJ

By coincidence I never do that because I'm too lazy but I actually made the effort and did it today with my forum upgrade announcement ;D




And now all your passwords are mine :muahaha:

More seriously that's very good advice :)
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

D-Dan

I have the Greasemonkey script installed (I chose the script so that I could examine the source to make sure it wasn't doing anything untoward), which will show the expanded URL in a tooltip type popup when you mouseover. Very useful :)

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

Rik

I've always felt wary of 'obscured URLs'. I like to know where I'm being taken so I can decide if I want to go there.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Technical Ben

I don't mind for forum links, as I always look at the info bar at the bottom of the browser. But I understand for tinyurls. Perhaps Tiny url companies could use a redirect page with a "yes/no" button. Then as long as the link is "www.tinyurlwetrust.com" and not some other site, you know you can trust them?
I use to have a signature, then it all changed to chip and pin.

Rik

Good idea, Ben. Quick, patent it. ;)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Tacitus

I've got GreaseMonkey installed but I can't find the script you refer to despite trawling their script site....   Most of the expander scripts (eg Xpndit!) decode to a separate window rather than as a mouseover.

D-Dan

Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

Technical Ben

Quote from: Rik on Dec 01, 2010, 09:57:46
Good idea, Ben. Quick, patent it. ;)
Well Open DNS and Firefox/IE do similar already with attack sites saying "do you wish to continue, may contain a virus". So why not Tinyurl as well? "Do you wish to continue to www.ebay.com"
I use to have a signature, then it all changed to chip and pin.