Link shortening and the new wave malware on Twitter

I’ve been reading what Sans Internet storm has to say about twitter and how that can bring malware to Twitter. Sans argues that there is no reliable way to determine the information someone says, and that is where I am wanting to talk about the way people are creating what I call Link baiting or Blind links. You ever click on a link in twitter to find it it wasn’t what you thought it was?

[ad]I also thought of what Sopho’s blog about today where someone hijacked 2.2 Million redirect Urls using Cli.gs services to shorten links. I was reading through the Cli.gs blog about the incident and it came from Canada but I don’t think the user of the website who had all that traffic was involved in any way shape or form to the hacking of Cli.gs website. I personally think this was done to prove a point and it is a very good point.

That in the future there will be someone to redirect links to a malware site and it won’t be pretty. Think about it any shorten url service like Tinyurl or others who could have their links all be directed to a website. that is a big number and it worries me. Let us go through the numbers a little bit and see. 98.2% of people go to Tinyurl.com and don’t preview the url first. Half of the clicks in Bit.ly are coming from the US, which means we are more at risk of clicking on a link that could be a virus or malware.

Now I know people don’t have time to check out all the links or forget to check before they click. So I have a few plugins that might help with this.   LongUrl Pluggin  Can use 72 different web services including Bit.ly, Tinyurl, Cli.gs, and a bunch more.  This is a good little plugin to help prevent yourself from clicking those links that you are unsure of.    I would also recommend getting a [intlink id=”2205″ type=”page”]Free Anti-virus and Free Firewall[/intlink] to better protect yoru system.  I wouldn’t use Internet Explorer it seems that is more easier to infect with malware than Firefox.  [intlink id=”3668″ type=”post”]Firefox still has to worry[/intlink] but not as much.

The Seriousness of the Twitter Vulnerability?

twitter_110 The main question is how much do you want to know about this?  Yes I am talking about a Vulnerability that could risk your twitter account or even yet inject malious software into the computer.

[ad#cricket-right-ez]We’ve seen that there have been [intlink id=”2650″ type=”post”]twitter phishing[/intlink] in the past, and [intlink id=”3008″ type=”post”]Facebook phishing[/intlink] have made people wonder out much do we depend on Twitter.

Lance James and Eric Wastl have provide Proof of Concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see there is more to this problem then meets the eye.  For one using the [intlink id=”2980″ type=”post”]URL redirects[/intlink] could be one way this could be used.  No telling what other vulnerabilities lay for the client side twitter programs.   Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

I for one would like to see this problem fixed just as quickly as possible due to the security risk involved to me, the consumer.  Twitter needs to jump on this and fix it to prevent any more attacks against there twitter audience. Although it doesn’t hurt to have [intlink id=”2205″ type=”page”]Anti-virus And a good firewall[/intlink], it all depends on End user to prevent this for the time being.

Come on Twitter, Fix this problem.

TINYURL being used by scammers and hackers — How to prevent it!!

With Phishing attempts going on with the TINYURL redirect website, I thought I would show you how you could prevent from going to a site you don’t want. Tinyurl.com has a great little feature, although it is a feature based on your cookies. It however will help prevent you from going to a site that you don’t know anything that about. It’s called the Preview Feature, and is available to any user who wants to use it.

previewtiny

As you can see if you enable it and you go to a click on a tinyurl, you will see this:

http://tinyurl.com/6t7ukk

previewtiny1

[ad#ad2-right]As you can see, if you click any TINYURL links you will automatically be told where that link is redirecting you to. This however only works with there being a cookie left behind in your system to let tell Tinyurl that is has to show the link first. So if you clean your cookies out from time to time, you will need to enable it every time after you clean the browser cookies. This will help prevent you from being phished because you will be able to tell if it is the right site in the first place. If not then you don’t have to visit that site. This should be enabled on all Short URL Sites, I hope they make it a mandatory for any site that redirects. This would help stop phishing and scammers because they can’t hide behind unknown url. Only time will tell though, these sites are always going to have problems but this would solve so many problems.