Home > Security > Why shortened URLs are dangerous

Why shortened URLs are dangerous

Hundreds of millions of URLs are being shortened using services like TinyURL, Snipurl, and Bit.ly (comparison). (Unrelated, but “.ly” is for sites in Libya, although the Bit.ly server is located in Colorado).

Sure, these short and easy to remember links are convenient, but they do pose a significant security risk.

When you click on a link to one, you don’t know what site that you’ll be taken to. You could be taken to a site like ErrorSafe, which was a distributor of the infamous WinFixer scareware that has since been shut down by the U.S. Federal Trade Commission (I had a close call with it in 2007). There are, however, tools to prevent this. TinyURL offers a preview feature, (but only 1.7% of visitors utilize this feature) and Bit.ly offers a Firefox extension.

ZoneAlarm has gone an extra step to warn users about sites shortened by TinyURL, notifying users that “TinyURL may be unsafe. This website has been known to distribute spyware”. This prompted Gilby Productions, who owns TinyURL, to add the preview feature.

The users probably most vulnerable to insecure shortened addresses are those on Twitter. Twitter shortens longer URLs to shortened ones (to keep tweets shorter). Users who are careless and without an extension could be directed to sites that distribute, viruses, scareware, scams, spam, or exploits.

Categories: Security
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: