How long is your rack?
dmiller at tiggee.com
Mon Aug 15 19:32:45 CDT 2011
On 8/15/2011 6:00 PM, Matthew Palmer wrote:
> On Mon, Aug 15, 2011 at 11:37:37AM -0400, Randy Bush wrote:
>>>> more likely a 'shortened' url. how anyone can click those is beyond
>>> I'm curious what your objection is.
>> i have no assurance that a shortened url does not lead to a malicious
>> site. also your privacy issue, but that is secondary.
> Given the rate of publicised defacements of all manner of sites (and that
> injecting malware into a page is the exact same thing as a clear defacement,
> from an execution point of view), a long URL gives you no greater assurance
> of protection from malice.
True. A long URL does not guarantee protection from malice.
However, you would likely *not* visit a link to
obviousmalwaresite.example.com. In fact, I would guess that even a
reasonable percentage of the clueless would not click a link to
Camouflaging obviousmalwaresite.example.com behind a URL shortener
and/or several layers of redirection (which is all that a URL shortener
is in the end) will increase the number of clicks. This is obviously
why spammers/scammers use them.
Your spam filtering may block emails with links to
obviousmalwaresite.example.com, but does it also expand short URLs and
then block on the final destination? Or do you simply block all emails
with short URLs in them?
Expanding a short URL merely raises the bar slightly by getting you to
the long URL... which gets us back to - whether or not you would click
on obviousmalwaresite.example.com. A tool like longurl.org will give
you the full redirection chain and things like Titles and Meta data for
the final destination. If you like, you can go directly to the
destination bypassing potential redirection-redirection (i.e.
redirecting a portion of visitors differently than others).
http://t.co/7wP9W2j == Good || Bad ->
FYI: I lock the doors of my car despite the fact that a fair amount of
the 'security' of the external surface of the car is provided by panels
-- maintainer of longurl.org in my spare time (instead of building a
data center in my house :-)
use the web site, use the API, or download the code and run your own
server (the code is opensource)
More information about the NANOG