URL shortening services give hackers a new entry point


With the explosion of social networking and microblogging services, URL-shortening sites have became more very popular, and many do not require users to register or complete a CAPTCHA graphical challenge-response test. Because domains like Bit.ly and TinyURL are “trusted,” their use allows spammers to evade the typical filters that would otherwise detect and quarantine the messages. What’s more, shortened URLs in tweets and other places are so common that many of us click on them without thinking. Even more sophisticated users who would otherwise recognize a dubious URL don’t think “malware” when seeing a shortened URL in a tweet or Facebook message. (It’s worth noting that some URL-shortening services, including TinyURL, have a preview feature that when enabled shows users where the link will take them.) The problem is becoming a greater concern for IT as more and more users bring their social networking tools and habits to work.

Enhanced by Zemanta