SHORTENED URLS: A RISKY CLICK

20. January 2011, 17:24 | by WD Milner | Full Article |

Recently security software vendor McAfee Inc. has been warning of the security risk of shortened URLs for use on social media sites such as Twitter.

“With the growing phenomenon that is social networking and instant communication, the popularity of shortened URLs in a limited character space is a ripe opportunity for cyber criminals. People click on things and they really don’t know where they’re going to go, or what they’re going to get, It’s an incredibly lucrative business for hackers (When will people stop misusing this term? — WDM), who can easily drop malware on unsuspecting Twitter users in order to reap private information. The challenge on the security side is that the illegitimate sites and mixed in with legitimate ones. And illegitimate sites often morph to avoid detection. It’s a constantly moving target,” — Jim Galpin, McAfee’s manager of Canadian consumer sales.

This is nothing new, except the rising prevalence in use on social networking sites. Many of us who work in the security arena have long warned clients and users about the dangers inherent in clicking on shortened URLs . For Firefox users there are a number of add-ons that can reveal the actual destination URL before you actually visit the site. Other options include sites like UnTiny, or Long URL Please.

This, tied to the increasing use of geo-location, in social networking sites, and malicious sites, for tracking user location and you can escalate attack vectors to a new level. While geo-location based on IP isn’t always accurate, when collated with other identifiable information it can often provide the additional data to improve the specificity of an attack. Unfortunately, there is little the average user can do to mitigate the use of geo-location. Perhaps the easiest solutions are the use of a VPN, through an anonymous routing system such as the SecureSessions browsing service bundled with the Personal and Enterprise products from IronKey, or through the public TOR network sponsored by the Electronic Frontier Foundation. Note that the public TOR network is not without dangers of its own in the form of possible malicious or government sponsored interception nodes.

As more and more people move to social networking, and the use of “smart” devices such as the Apple iPhone and iPad, smartphones like the new crop of Android based devices become increasingly prevalent, especially in the enterprise, these threats will continue to grow and migrate to new platforms. The ever present job of security practitioners is to educate the users of such devices on the risks and how best to meet them. Sadly, this seems a constant uphill battle when consumers are interested in convenience, fun and the “cool” factor, and businesses in the bottom line, more than safety and security of both their own data, and potentially others.

- 30 -

Categories: ,
Keywords: shortened URL,geo-location,security,risk,privacy,McAfee,social networking

Comments


 



Textile help
 
* Indicates a required field.

As a SPAM prevention measure, comments are moderated and will be posted once vetted.

 

Article & Comments


Comments are not enabled for all articles or documents.

Article Navigation
|

Categories

Business
Communications
Electronics
Entertainment
Environment
Government
Internet and WWW
Miscellany
Music and Audio
News
Photography
Privacy
Psychology
Security
Society and Culture
Stage and Screen
Technology
Theology
Tips and Tricks
Web Design
Web Site


The Birches - Milner.ca Support Child Safety Online

 

 
 
 Help to FIGHT spam!
 • 
  •
•••