[Ipg-smz] The use of URL Shorteners violates security principles

Patrick Corrigan phcorrigan at gmail.com
Mon Oct 8 19:14:49 UTC 2018


Tom, you have laid this out as clearly as I've seen. I suggest that anyone
who wants to understand what deep doo-doo we're in read the works of Nassim
Nicholas Taleb, including "Fooled by Randomness," "The Black Swan," and
"Antifragile."

On Mon, Oct 8, 2018 at 10:16 AM Tom Henderson <thenderson at extremelabs.com>
wrote:

> Researching security has admittedly made me paranoid. Sadly, I'm rewarded
> constantly by my paranoia.
>
> The numbing of the unbelievable number of break-ins, thefts, state actors,
> and more, is almost incomprehensible. And yet it's ignored. The US Gov
> cyber-czar position is still open. Nineteen US Gov agencies now have Venn
> diagram nexus over security. NINETEEN. And tell me how many
> credit-protection offerings have you been doled, THIS YEAR?
>
> This death-by-a-thousand-cuts is really onerous, and contributes handily
> to the extreme stress levels found on the streets and even backwater
> warrens today.
>
> The cure is salving and healing the wounds, one at a time. People
> unwittingly have, as you mentioned, learned to put up with historical
> misdeed until it's now part of their DNA to ignore the pains of them. But a
> preponderance, an accumulation of these pains is a weight. People don't see
> it until they're free of them.... like going on a trip to a place where
> there's no WiFi, no cell, and perhaps no AM/FM radio. Then they remember,
> and going back into the real world is like walking into a cacophony of
> madness. There was a quiet time. There was a time when all your info wasn't
> for sale on some .onion address. There was a time.
>
> /preach
>
> Tom
>
>
>
> On 10/08/2018 01:01 PM, Cameron Laird wrote:
>
> *That* is a second grad-level thesis:  persistence of technologies whose
> rationales have long since vanished.  URL shortening has been, for some
> years, cargo culting, at best.  As Tom documents, it's now hazardous cargo
> culting.  There are plenty of other examples of widely-employed cultural
> elements that only can be understood as historical vestiges--almost
> anything under "telco pricing" qualifies.
>
> On Mon, Oct 8, 2018 at 11:49 AM Esther Schindler <esther at bitranch.com>
> wrote:
>
>> Are they still a thing?
>>
>> I used to use them because they provided some level of tracking click
>> throughs. That went away.
>>
>> I also used to use them back when Twitter counted all the characters in a
>> URL as part of its 140. That went away too.
>>
>> I’m not sure when/why anyone wants to use these any more… even before the
>> security vulnerabilities.
>>
>> On Oct 8, 2018, at 9:04 AM, Tom Henderson <thenderson at extremelabs.com>
>> wrote:
>>
>> I can give you a long list of ow.ly shortened URLs that will give you a
>> malware dose the size of Cincinnati.
>>
>> ONE SINGLE MISTYPED character will send a user into plain hell.
>>
>>
>> --
>> Ipg-smz mailing list
>> Ipg-smz at netpress.org
>> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
>>
>
>
>
> --
> Tom Henderson
> ExtremeLabs, Inc.
> +1 317 250 4646
> Twitter: @extremelabs
> Skype: extremelabsinc
>


-- 

Patrick Corrigan
Email: phcorrigan at gmail.com
LinkedIn: https://www.linkedin.com/in/patrick-h-corrigan-61669422
Member, Internet Press Guild http://www.netpress.org

"For every difficult and complex question there is an answer that is
simple, easily understood and wrong."
      H.L. Mencken