Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Filters on url shortening services
From: Andrew Hodgson <andrew () hodgsonfamily org>
Date: Mon, 07 Oct 2002 20:47:13 +0100

On Mon, 07 Oct 2002 21:38:51 +0200, you wrote:

Andrew Hodgson <andrew () hodgsonfamily org> writes:

The second is that anyone can create any url, and the user knows very
little about what they are clicking on.

And this differs in what way from the current state of affairs on the
rest of the net?

If the URL was not shortened and the user knew the formats of the
current vulnerabilities then they would probably think twice before
launching the URL.  Furthermore, if I was given a strange looking url
I may think twice before launching it.

However, with these services it is possible to just click on an
unsuspecting url (and the user has probably received a few other URLS
with the shortening service already), and thus they may be less
suspicious of that the URL actually does.

Anybody is free to start his own shortcut service.  Certainly, you
don't want to take aways this freedom!

No, I am just advocating the idea of adding filters to the service to
stop people from creating malicious URLs with the shortening service.

Andrew Hodgson, Bromyard, Herefordshire, UK.
Email: Andrew () hodgsonfamily org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]