[Ipg-smz] The use of URL Shorteners violates security principles
Tom Henderson
thenderson at extremelabs.com
Mon Oct 8 16:16:59 UTC 2018
I do them. Unless you want to go far, far into the weeds, this is not a
fun story to research. Trust me on this. I use VMs to test some of
them..... and have had to crater the instances on numerous occasions.
This is a grad student thesis.
Tom
On 10/08/2018 12:09 PM, Dana Blankenhorn wrote:
> Great story for someone on the list who does security stories. <ahem>
>
> On Mon, Oct 8, 2018 at 12:05 PM Tom Henderson
> <thenderson at extremelabs.com <mailto:thenderson at extremelabs.com>> wrote:
>
> Fellow Guilders,
>
> I can give you a long list of ow.ly <http://ow.ly> shortened URLs
> that will give you a
> malware dose the size of Cincinnati.
>
> ONE SINGLE MISTYPED character will send a user into plain hell.
>
> bit.ly <http://bit.ly>, direc.it <http://direc.it>, and many other
> URL shorteners are similarly infected.
>
> May I strongly suggest not using them, please. Yes, your URL is
> probably
> fine, but a single mistyped character can be explosive.
>
> THESE ORGANIZATIONS DO NOT SCAN TARGETS FOR MALWARE or URL target
> integrity.
>
> Please please please reconsider their use and use the long URL. I
> have
> been using a highly-sandboxed instance to extract the URL and re-post
> them on places like twitter, but this is getting old.
>
> I can't give you the ones with malware, because you'll get
> infected or
> your own anti-malware software will trigger (hopefully).
>
> I'm not kidding, please reconsider using them and the
> don't-give-a-hootsuite-type apps that generate them.
>
> These organizations do not respond to URL takedown requests.
>
> Thanks,
>
> Tom
>
>
> --
> Tom Henderson
> ExtremeLabs, Inc.
> +1 317 250 4646 <tel:+1%20317-250-4646>
> Twitter: @extremelabs
> Skype: extremelabsinc
>
>
> --
> Ipg-smz mailing list
> Ipg-smz at netpress.org <mailto:Ipg-smz at netpress.org>
> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
>
> --
> Dana Blankenhorn
> http://www.danablankenhorn.com
> http://investorplace.com/author/danablankenhorn/#.WJzBOzsrLIV
>
>
--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://netpress.org/pipermail/ipg-smz_netpress.org/attachments/20181008/3e6c9c93/attachment.html>
More information about the Ipg-smz
mailing list