Home page logo

nanog logo nanog mailing list archives

Re: How long is your rack?
From: Greg Ihnen <os10rules () gmail com>
Date: Mon, 15 Aug 2011 21:23:49 -0430

On Aug 15, 2011, at 8:02 PM, David Miller wrote:

On 8/15/2011 6:00 PM, Matthew Palmer wrote:
On Mon, Aug 15, 2011 at 11:37:37AM -0400, Randy Bush wrote:
more likely a 'shortened' url.  how anyone can click those is beyond
I'm curious what your objection is.
i have no assurance that a shortened url does not lead to a malicious
site.  also your privacy issue, but that is secondary.
Given the rate of publicised defacements of all manner of sites (and that
injecting malware into a page is the exact same thing as a clear defacement,
from an execution point of view), a long URL gives you no greater assurance
of protection from malice.

True.  A long URL does not guarantee protection from malice.

However, you would likely *not* visit a link to obviousmalwaresite.example.com.  In fact, I would guess that even a 
reasonable percentage of the clueless would not click a link to obviousmalwaresite.example.com.

Camouflaging obviousmalwaresite.example.com behind a URL shortener and/or several layers of redirection (which is all 
that a URL shortener is in the end) will increase the number of clicks.  This is obviously why spammers/scammers use 

Your spam filtering may block emails with links to obviousmalwaresite.example.com, but does it also expand short URLs 
and then block on the final destination?  Or do you simply block all emails with short URLs in them?

Expanding a short URL merely raises the bar slightly by getting you to the long URL... which gets us back to - 
whether or not you would click on obviousmalwaresite.example.com.  A tool like longurl.org will give you the full 
redirection chain and things like Titles and Meta data for the final destination.  If you like, you can go directly 
to the destination bypassing potential redirection-redirection (i.e. redirecting a portion of visitors differently 
than others).

For example:
http://t.co/7wP9W2j == Good || Bad -> http://longurl.org/expand?url=http%3A%2F%2Ft.co%2F7wP9W2j

FYI: I lock the doors of my car despite the fact that a fair amount of the 'security' of the external surface of the 
car is provided by panels of glass.

-- maintainer of longurl.org in my spare time (instead of building a data center in my house :-)
  use the web site, use the API, or download the code and run your own server (the code is opensource)

There are browser extensions which resolve and display the actual address of shortened URLs.


And for fun there's always http://shadyurl.com to make shortened obscured URLs that are extra scary.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]