[Ipg-smz] The use of URL Shorteners violates security principles

Tom Henderson thenderson at extremelabs.com
Mon Oct 8 17:51:13 UTC 2018


Convenience at the price of opaqueness.

Ease of visual transcription for the plausible error of doling malware.

Like most shortcuts, doesn't do the job if it infects someone. A simple 
mistaken keystroke sends someone to the unintended. No one mistypes 
stuff, right?

The brand might not be what you intended.

With all due respect,

Tom



On 10/08/2018 01:40 PM, Ken Gagne wrote:
> I use URL shorteners for a few reasons. A short link:
>
>   * is easier to remember and type, without having to look up the
>     original, long link.
>   * is easier for someone to use if seeing it in a presentation or a
>     hardcopy handout.
>   * takes up less space in print.
>   * is better branding.
>
>
> However, I create my short links with YOURLS <https://yourls.org/>, an 
> open-source URL shortener that you install on your own domain — no 
> integration with (or dependency on) bit.ly, ow.ly, or other 
> third-party services. Some examples of links I've created in it:
>
>   * gamebits.tv/dox <https://gamebits.tv/dox>: my Computerworld
>     article about removing your profile from data brokers.
>   * kgagne.com/moo <http://kgagne.com/moo>: my referral code for Moo.com.
>
>
> I also used YOURLS to create a2.click <https://a2.click>, a URL 
> shortener with a frontend that anyone can use — but only if the 
> submitted URLs match my domain whitelist.
>
> -Ken
>
> On Mon, Oct 8, 2018, at 12:43 PM, Esther Schindler wrote:
>> Are they still a thing?
>>
>> I used to use them because they provided some level of tracking click 
>> throughs. That went away.
>>
>> I also used to use them back when Twitter counted all the characters 
>> in a URL as part of its 140. That went away too.
>>
>> I’m not sure when/why anyone wants to use these any more… even before 
>> the security vulnerabilities.
>>
>>> On Oct 8, 2018, at 9:04 AM, Tom Henderson
>>> <thenderson at extremelabs.com> wrote:
>>>
>>> I can give you a long list of ow.ly <http://ow.ly/> shortened URLs
>>> that will give you a malware dose the size of Cincinnati.
>>>
>>> ONE SINGLE MISTYPED character will send a user into plain hell.

-- 
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc
