[Donna]

Quote

Short URL services are becoming increasingly popular among social networks, especially on Twitter. When you have to limit your message to just 140 characters, every character becomes important, and posting links to searches on Google or news websites can rapidly fill an entire Twitter message.

Of course, for every problem there is a solution, so what URL shortening services like TinyURL, Is.gd or Bit.ly are doing is to offer for free short URLs that redirect to the longer ones. Everything might seem great until the moment you start thinking about security, and several problems come to my mind.

Social engineering is made easier. The user doesn’t really see the URL of the page he’s going to, but just the shortened version, which usually doesn’t offer any clue of where the destination page is hosted. An attacker can say he’s linking to “nice pictures with bunnies”, but instead sending the user to a website hosting malicious content.

The reliability is questionable.

Trust can be a problem.

Security concerns are being raised by these URL shortening services, and I am very glad to see the media also starting to notice them and raise the security awareness level throughout their readers: AP recently posted an article about short URL services that also touches on the security problems.

http://www.viruslist...logid=208187741

Yup it is a big PROBLEM and it’s why I don’t use URL redirection but if I have to, I will use ShuURL or Steven Burn’s URL redirection service called, sURL http://www.it-mate.co.uk/?sec=sURL because with sURL, you can’t redirect a link if it’s known bad site or listed in hpHOSTS database while with ShuURL, you get the Web of Trust rating before you decide to proceed with the redirected link.

Related article on Short URLs or URL redirection:

Is URL Redirection services safe to use?
Use ShuURL with Web Of Trust to view or create a short URL

[hewee]

There is for Firefox some add-ons to help you out.

Long URL Please

Quote

Replaces short urls with the originals so you can see where links actually link to.

[E Pericoloso Sporgersi]

hewee, on Jun 5 2009, 10:22 PM, said:

There is for Firefox some add-ons to help you out.
Long URL Please

Quote

Replaces short urls with the originals so you can see where links actually link to.

Hey, hewee, thanks for that link.

I usually refuse any kind of toolbar or add-on. But this seems a very promising FireFox add-on.

It might convince me to keep it active. It's certainly worth a trial run.

[Donna]

hewee, on Jun 5 2009, 12:22 PM, said:

There is for Firefox some add-ons to help you out.

Long URL Please

Quote

Replaces short urls with the originals so you can see where links actually link to.

TY for mentioning this hewee! I don't use FF much though but will remember that add-on. It will help one of the concerns in using Short URL.

[hewee]

E Pericoloso and Donna you are both welcome.


Plus I was thinking there was another one out there I seen but I could not find it.

I know there are so many short URL add-ons it is a wonder we do not see more short renamed links out there.
Sure most may be good links but it is the bad ones we need to know about that can get us into trouble.
I hate it when your at a forum and they post a link and you trust the person but it is that tiny URL link because I block it with my hosts file.
Also I think any good Forum that is around to help and protect people and there computers should block out the tiny URL links so they can not be posted.

[Donna]

Good idea hewee. We'll ask our fixer/coder to consider that if we will see people posting short URL here that can pose risk to others.

[Donna]

I just saw this blog entry in ZoneAlarm blog:

Quote

ZoneAlarm blocks a web site that you want to visit. For example, some users have noted that ZoneAlarm blocks them when they go to TinyURL.com. Why would ZoneAlarm do this, and what do I do if that happens?

Spyware has occasionally been downloaded from TinyURL.com or a partner site (TinyURL often redirects users to other sites). To protect you from this threat, ZoneAlarm warns you about it and blocks that specific Web site. But people might still want to use TinyURL.com anyway – after all it’s a useful tool for posting short urls on Twitter. Well, you still can.

http://blog.zonealarm.com/blog/2009/05/tin...te-spyware.html

[MysteryFCM]

Cheers for the ref Donna

Just an FYI, the sURL homepage is at http://surl.co.uk

I know it's in dire need of re-design and re-write - I am hoping to get some time to do it within the next few months

[Donna]

Thanks for the homepage of sURL. Was looking for it when I posted and I run out of time (dogs need to go out for a walk and they are pulling me!)

I like the option - Are you nuts? LOL but you know I don't use URL redirection but will click only on shortened URLs if it's using your service or ShuURL. And I saw one person posted a comment in my blog... with another short URL service that they said will check for safety/security:
http://msmvps.com/blogs/donna/archive/2009...s.aspx#comments

Quote

Safe.mn (http://safe.mn/) addresses the two main criticisms to URL shorteners: security and transparency. All links are thoroughly verified for viruses, malware, phishing, malicious content, session stealing, cross-site scripting attacks, etc. Any suspicious link gets flagged, and users are warned about it. Safe.mn is also the most transparent URL shortener service: all links generated by Safe.mn are publicly available, and updated regularly.

[MysteryFCM]

I'm a little curious as to how they check the target URL's and am skeptical of their claims.

I've just created one using their service, to a known malware site (listed in hpHosts), and their service didn't notify me of any problems, and created the short URL for me .... which likely means they're checking things manually (not a very good option for this kind of service)

[Donna]

True which is why I have not recommend their short url service. It seems they are using 2 method: redirecting a redirection. I have not play with it.