[NTLK] Security issues with abbreviated URLs

From: Frank Gruendel <newtontalk_at_pda-soft.de>
Date: Wed Mar 11 2009 - 13:01:11 EDT

Hi gang,

many of us (thank God) are considerate enough to
make very long urls small so that they can be more
easily handled in a mailing list like ours. One of
the best sites offering this as a service is
tinyurl.com.

However, there is an inherent danger here. Harmful
links can easily disguised that way. Plugins like
Google or Safe Browser will consider these URLs
harmless because they come from a domain (like e.
g. tinyurl.com) that is considered safe.

To give you an idea of what might happen, simply
click this link

        http://tinyurl.com/anrwf7

and check in the address bar where you end up.
Don't worry, you will get a 404 error since this
page does not exist, but it COULD have existed.

What you might not be aware of is that there is a
way to safety...

Add "preview." to the URL like this:

        http://preview.tinyurl.com/anrwf7

That way tinyurl will tell you where you would end
up before it is too late.

Frank

-- Newton software and hardware at
http://www.pda-soft.de

====================================================================
The NewtonTalk Mailing List - http://www.newtontalk.net/
The Official Newton FAQ - http://www.splorp.com/newton/faq/
The Newton Glossary - http://www.splorp.com/newton/glossary/
WikiWikiNewt - http://tools.unna.org/wikiwikinewt/
====================================================================
Received on Wed Mar 11 13:00:28 2009

This archive was generated by hypermail 2.1.8 : Wed Mar 11 2009 - 23:36:26 EDT