
SANS ISC: TinyURL and security SANS ISC InfoSec Forums

TinyURL and security

Roseman wrote in with a pointer to a TechRepublic blog that points out the well-known danger of short URL services and their widespread use.

The blog also pointed out:

  • TinyURL has a preview function that (once you set the cookie) allows you to see where you're being redirected before it happens. Set the cookie here: http://tinyurl.com/preview.php
  • Bit.ly has an add-on for Firefox that allows you to see where the URL points to, in addition to some statistics.

Those measures reduce some of the dangers, but by far not every danger of users being accustomed to clicking on links they receive via Twitter, IM, or email. It's still far safer to go to any place where you need to log in, such as your bank, via a bookmarked link only. Those bookmarks reduce your exposure to phishing attempts that email you funny URLs, to typosquatters, etc. Add in a properly working certificate on the SSL version of the website and you've got some serious defense going as a user, as long as you do not accept bad certificates.

--
Swa Frantzen -- Section 66

TinyURL has another preview mode that you don't have to do anything ahead of time to use. Just replace the
http://tinyurl.com/FooBar URL with:
http://preview.tinyurl.com/FooBar
Anonymous
