What Danger Lay Waiting In Shortened URLs?

URL shortening services & Twitter clients need to add security checks before users lose confidence

When I first saw a shortened URL I was naturally suspicious. Working seven years for a security startup will do that to you. Though it hasn't become a major security threat yet, I think that suspicion is warranted. CNET News has a good article about this.

URL shorteners like TinyURL, Bit.ly, Tr.im and many others have come into their own, thanks to short message applications like Twitter and texting. Taking 22 characters for a URL can leave a lot more characters for message content vs. long, unwieldy URLs that could easily be 2, 3, 4 or more times longer. It's certainly useful.

But shortened URLs can easily mask nefarious and malicious URLs, from spammers or hackers. All that training we've given to users about not clicking links in emails from unknown senders, or at least first examining them carefully, seems to have gone by the wayside with shortened URLs. My experience is that Twitter users click shortened URLs from Twitterers they don't really know without a second thought.

It hasn't happened yet (or maybe it's happening right now, who knows), but I fully expect we'll see some major incidents where hackers create Twitter accounts, use automatic following methods to gain lots of followers, spam them with nefarious links, then shut down and repeat the process all over again, staying one step ahead of any Twitter policy enforcers.

Link validation services are beginning to pop up. I'm testing a browser-based one now from Finjan. But I haven't seen a Twitter client or a plug-in that checks links in tweets. (If you know of one, I'd love to hear from you.)

URL shortening services and Twitter clients would be very smart to put in this type of link checking before we experience a major incident that causes IT shops to close down Twitter traffic and users to lose confidence in the security of clients and shortened URLs.
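
One way a Twitter client could do the link checking described above, as an added example (not code from the original post or from any service it names): expand the short URL hop by hop and check every hop before the user clicks. The function names, the redirect table and the blocklist are hypothetical, constructed so the example runs offline.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data. SAMPLE_REDIRECTS stands in for the Location header
# each URL would return; a real client would fetch it with a HEAD request
# that does not follow redirects automatically.
SAMPLE_REDIRECTS = {
    "http://short.example/abc": "http://short2.example/x1",
    "http://short2.example/x1": "http://news.example.org/story",
    "http://short.example/bad": "http://malware.example.net/payload",
    "http://short.example/loop": "http://short.example/loop",
}
SAMPLE_BLOCKLIST = {"malware.example.net"}  # hypothetical reputation feed


def sample_lookup(url):
    """Return the redirect target for url, or None if it is a final page."""
    return SAMPLE_REDIRECTS.get(url)


def expand(url, lookup=sample_lookup, max_hops=5):
    """Follow redirects one hop at a time; return (chain, error or None)."""
    chain = [url]
    while True:
        target = lookup(chain[-1])
        if target is None:
            return chain, None
        target = urljoin(chain[-1], target)  # Location may be relative
        if target in chain:
            return chain, "redirect loop"
        if len(chain) > max_hops:
            return chain, "too many redirects"
        chain.append(target)


def check_link(url, blocklist=SAMPLE_BLOCKLIST, lookup=sample_lookup):
    """Return a verdict dict the client can show before the user clicks."""
    chain, error = expand(url, lookup)
    reason = error
    for hop in chain:  # check every hop, not only the final destination
        parts = urlsplit(hop)
        if reason is None and parts.scheme not in ("http", "https"):
            reason = "non-web scheme: " + parts.scheme
        if reason is None and parts.hostname in blocklist:
            reason = "blocklisted host: " + parts.hostname
    verdict = "allow" if reason is None else "block"
    return {"verdict": verdict, "reason": reason, "final": chain[-1], "chain": chain}
```

Showing the `final` URL next to the tweet gives users back the chance to examine a link before clicking, which shortening otherwise takes away.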


Copyright © 2009 IDG Communications, Inc.
