If you've started following companies on Twitter, here's an important tip that could save you falling for a scam.
Twitter can be a very effective way of spreading the word about your business, but if you use it to follow other people or rival businesses, you should be aware of a risk involving a very common practice.
URL shortening services seemed like a great idea when they first appeared, especially if you're printing web addresses in a booklet or brochure, or anytime you need to either write down or type in a very long URL. And they became almost essential when Twitter came along with its 140-character messages.
But the bad guys started using them to disguise the web pages they were trying to lead people to, and so some people started avoiding shorteners as much as possible.
Now Henning Klevjer, an information security student at the University of Oslo, has shown how the data for an entire web page can be encoded as a URI (Uniform Resource Identifier; without getting any more technical, URLs are a subset of URIs). That URI can then be disguised and spread by using a URL shortening service.
Why should you care?
Even if that doesn't mean anything to you, here's why this matters - normally, if you are running a decent security program, it should recognise malicious URLs used by the attackers and block them (or warn about them).
But with a shortened URI, there is no 'destination' server that can be categorised in this way - the phishing page (etc.) is part of the URI itself. In theory, security software might not be able to protect you. Click the link, and you could be exposing your computer to a security risk. (That said, apparently Chrome will refuse to open a redirected URI, though Firefox, among others, will open it.)
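Because there is no destination host to look up, a filter has to judge the redirect target itself. The Python sketch below is an added example, not code from this article or from Klevjer's paper: it classifies the target a shortener returns without opening it, and decodes a `data:` URI to report what is embedded. The function names, verdict labels and sample values are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import unquote_to_bytes, urlsplit

# Matches an HTML password input, a common sign of a credential form.
PASSWORD_INPUT = re.compile(rb"""<input[^>]+type\s*=\s*["']?password""", re.I)

def parse_data_uri(uri):
    """Split an RFC 2397 data: URI into (media_type, is_base64, payload bytes)."""
    header, comma, data = uri[len("data:"):].partition(",")
    if not comma:
        raise ValueError("data URI has no ',' separating header and payload")
    params = [p.strip().lower() for p in header.split(";")]
    is_base64 = params[-1] == "base64"
    media_type = params[0] if "/" in params[0] else "text/plain"  # RFC 2397 default
    payload = unquote_to_bytes(data)
    if is_base64:
        payload = base64.b64decode(payload + b"=" * (-len(payload) % 4))
    return media_type, is_base64, payload

def assess_redirect(location):
    """Classify the redirect target a shortener returns, without fetching it."""
    location = location.strip()
    scheme = urlsplit(location).scheme.lower()
    if scheme in ("http", "https"):
        # A real destination host exists, so URL reputation checks still apply.
        return {"verdict": "check-host", "scheme": scheme}
    if scheme != "data":
        return {"verdict": "block", "scheme": scheme, "reason": "unexpected scheme"}
    try:
        media_type, _, body = parse_data_uri(location)
    except ValueError as exc:  # also covers invalid base64 (binascii.Error)
        return {"verdict": "block", "scheme": scheme, "reason": f"malformed: {exc}"}
    return {
        "verdict": "block",
        "scheme": scheme,
        "reason": "page content is embedded in the link itself",
        "media_type": media_type,
        "size": len(body),
        "password_field": bool(PASSWORD_INPUT.search(body)),
    }

# Constructed sample: a harmless form, base64-encoded into a data: URI.
SAMPLE_HTML = b"<form><input name='u'><input type='password' name='p'></form>"
SAMPLE_LOCATION = "data:text/html;base64," + base64.b64encode(SAMPLE_HTML).decode()

if __name__ == "__main__":
    for target in ("https://example.com/article", SAMPLE_LOCATION):
        print(target[:40], "->", assess_redirect(target))
```
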
Klevjer's paper shows how a Wikipedia phishing page (a page concerning the topic of tricking users into entering private details like passwords) can be transmitted as a 24,682 character URI. A lot of people would be suspicious if they saw such a long link in an email. But thanks to URL shorteners, potential victims can be presented with a link that's just 26 characters long.
If you use Twitter, it's practically impossible to avoid shortened URLs completely. But if you see them in emails or on web pages, ask yourself why someone has gone to the extra trouble of shortening them when it would have been easier and quicker to paste the real (full) URL instead.