Re: How long is your rack?
From: Steven Bellovin <smb () cs columbia edu>
Date: Mon, 15 Aug 2011 11:31:36 -0400
On Aug 15, 2011, at 10:12 21AM, Randy Bush wrote:
>> I've always wondered if the next cisco/juniper 0 day will be delivered
>> via a set of exploits delivered via a link posted to NANOG. :) Maybe
>> I'll do a talk at DEFCON next year about that.
>
> more likely a 'shortened' url. how anyone can click those is beyond me.

I'm curious what your objection is.
Mine is privacy -- the owner of the shortening site gets to see every place
you visit using one of those. I don't think there's a significant incremental
security risk, because the URL you click on doesn't tell you what you'll
receive in any event. Case in point: https://www.cs.columbia.edu/~smb/SMBlog-in-PDF.pdf
does *not* yield a PDF. (As far as I know, it's a completely safe URL to
click on, but I can't guarantee that someone else didn't hack my site. I, at
least, haven't put any nasties there.)
Yes, when you avoid shortened URLs you get some assurance of the owner of
the content. Given the rate of hacking -- is anyone really safe from a
determined amateur attack, let alone state-sponsored nastiness? -- and
given the amount of third-party content served up by virtually all ad-containing
sites, you really have no idea what you're going to receive when you click
on any link.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
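
Added example, not part of the original message: a check of the point above that a URL's file extension says nothing reliable about what the server returns. It compares the type implied by the URL path with the declared Content-Type and the body's leading bytes; the URL, headers and bodies are constructed samples, and all function names are hypothetical.

```python
import mimetypes
from urllib.parse import urlsplit

# Leading bytes of a few common formats (small illustrative table, not exhaustive).
MAGIC = {
    b"%PDF-": "application/pdf",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"PK\x03\x04": "application/zip",
    b"MZ": "application/x-msdownload",
}

# Constructed sample data (not captured from any real site).
URL = "https://files.example.org/docs/report.pdf"
HTML_HEADERS = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
HTML_BODY = b"<!DOCTYPE html><html><body>not a PDF</body></html>"
PDF_HEADERS = "HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n"
PDF_BODY = b"%PDF-1.4\n% constructed stub\n"
EXE_BODY = b"MZ\x90\x00constructed stub"

def implied_type(url):
    """Media type a reader would assume from the URL path's extension."""
    guess, _ = mimetypes.guess_type(urlsplit(url).path)
    return guess

def declared_type(raw_headers):
    """Content-Type the server declared, parameters dropped, lowercased."""
    for line in raw_headers.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":
            return value.split(";")[0].strip().lower()
    return None

def sniffed_type(body):
    """Media type suggested by the body's leading bytes, or None if unknown."""
    for magic, mtype in MAGIC.items():
        if body.startswith(magic):
            return mtype
    if body.lstrip().lower().startswith((b"<!doctype html", b"<html")):
        return "text/html"
    return None

def compare(url, raw_headers, body):
    """Report all three views and whether the URL's promise held."""
    implied, declared, sniffed = (implied_type(url), declared_type(raw_headers),
                                  sniffed_type(body))
    agree = implied is not None and implied == declared == sniffed
    return {"implied": implied, "declared": declared,
            "sniffed": sniffed, "url_matches_response": agree}
```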