tinyurl – Paul's Tech Talk

Link shortening and the new wave malware on Twitter

PaulJune 16, 2009

I’ve been reading what Sans Internet storm has to say about twitter and how that can bring malware to Twitter. Sans argues that there is no reliable way to determine the information someone says, and that is where I am wanting to talk about the way people are creating what I call Link baiting or Blind links. You ever click on a link in twitter to find it it wasn’t what you thought it was?

[ad]I also thought of what Sopho’s blog about today where someone hijacked 2.2 Million redirect Urls using Cli.gs services to shorten links. I was reading through the Cli.gs blog about the incident and it came from Canada but I don’t think the user of the website who had all that traffic was involved in any way shape or form to the hacking of Cli.gs website. I personally think this was done to prove a point and it is a very good point.

That in the future there will be someone to redirect links to a malware site and it won’t be pretty. Think about it any shorten url service like Tinyurl or others who could have their links all be directed to a website. that is a big number and it worries me. Let us go through the numbers a little bit and see. 98.2% of people go to Tinyurl.com and don’t preview the url first. Half of the clicks in Bit.ly are coming from the US, which means we are more at risk of clicking on a link that could be a virus or malware.

Now I know people don’t have time to check out all the links or forget to check before they click. So I have a few plugins that might help with this. LongUrl Pluggin Can use 72 different web services including Bit.ly, Tinyurl, Cli.gs, and a bunch more. This is a good little plugin to help prevent yourself from clicking those links that you are unsure of. I would also recommend getting a [intlink id=”2205″ type=”page”]Free Anti-virus and Free Firewall[/intlink] to better protect yoru system. I wouldn’t use Internet Explorer it seems that is more easier to infect with malware than Firefox. [intlink id=”3668″ type=”post”]Firefox still has to worry[/intlink] but not as much.

Twitter Spam attempt: “See the NSFW pics twitter deleted from my profile here”

PaulMay 1, 2009

Looks like this might have been a improper adult content or maybe a Malware attack:

[ad#cricket-right-ez]If people are wonder what NSFW means:

Not suitable/safe for work (NSFW), not work-suitable/safe (NWS), or not school-suitable (NSS) is Internet slang or shorthand. Typically, the NSFW tag is used in E-mail, movies (such as on Youtube) and on interactive discussion areas (such as internet forums, blogs and community websites) to mark URLs or hyperlinks which may be sexually explicit or include audio containing profanity, helping the reader avoid potentially objectionable content.
[via Wikipedia]

It looks like this was done with using Tinyurl and has been flagged for either Spam, Fraud, Malware, or Any other use that is illegal. I am glad Tinyurl did catch this and stop it. If you see something that say NSFW in your twitter account your best bet is to delete it and go on with your life. I am sure it is something your should not go to probably because it was a malicious way to get your to go to the link. If you want to preview the urls that are used by Tinyurl, just visit the preview feature. If anyone else hears of some kind of Twitter attempt let me know and I’ll blog about it. This would be the best time to install [intlink id=”2205″ type=”page”]Free Anti-virus and Free Firewalls[/intlink] to help prevent from getting Viruses or Malware.

The Seriousness of the Twitter Vulnerability?

PaulMarch 25, 2009

The main question is how much do you want to know about this? Yes I am talking about a Vulnerability that could risk your twitter account or even yet inject malious software into the computer.

[ad#cricket-right-ez]We’ve seen that there have been [intlink id=”2650″ type=”post”]twitter phishing[/intlink] in the past, and [intlink id=”3008″ type=”post”]Facebook phishing[/intlink] have made people wonder out much do we depend on Twitter.

Lance James and Eric Wastl have provide Proof of Concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see there is more to this problem then meets the eye. For one using the [intlink id=”2980″ type=”post”]URL redirects[/intlink] could be one way this could be used. No telling what other vulnerabilities lay for the client side twitter programs. Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

I for one would like to see this problem fixed just as quickly as possible due to the security risk involved to me, the consumer. Twitter needs to jump on this and fix it to prevent any more attacks against there twitter audience. Although it doesn’t hurt to have [intlink id=”2205″ type=”page”]Anti-virus And a good firewall[/intlink], it all depends on End user to prevent this for the time being.

Come on Twitter, Fix this problem.

TINYURL being used by scammers and hackers — How to prevent it!!

PaulFebruary 25, 2009

With Phishing attempts going on with the TINYURL redirect website, I thought I would show you how you could prevent from going to a site you don’t want. Tinyurl.com has a great little feature, although it is a feature based on your cookies. It however will help prevent you from going to a site that you don’t know anything that about. It’s called the Preview Feature, and is available to any user who wants to use it.

As you can see if you enable it and you go to a click on a tinyurl, you will see this:

http://tinyurl.com/6t7ukk

[ad#ad2-right]As you can see, if you click any TINYURL links you will automatically be told where that link is redirecting you to. This however only works with there being a cookie left behind in your system to let tell Tinyurl that is has to show the link first. So if you clean your cookies out from time to time, you will need to enable it every time after you clean the browser cookies. This will help prevent you from being phished because you will be able to tell if it is the right site in the first place. If not then you don’t have to visit that site. This should be enabled on all Short URL Sites, I hope they make it a mandatory for any site that redirects. This would help stop phishing and scammers because they can’t hide behind unknown url. Only time will tell though, these sites are always going to have problems but this would solve so many problems.