Tuesday, June 30, 2009

URLs in short

There's an old saying that "a shortcut is the longest distance between two points". When it comes to "tiny" URLs, this is literally true. If you like to share interesting links with friends and family, you may find URL shortening services quite useful. If you like to send links via Twitter, SMS, etc., they are invaluable, due to the character length restrictions on messages. Of course, it hasn't taken long for bad guyz (and galz) to find these services invaluable in other ways. It only makes sense: why bother trying to scatter links to your malware all over a bunch of websites if you can hack one shortening services server and point ALL their hosted links somewhere else?

This approach also neatly addresses (bad pun not intended) the problem of canny websurfers who use anti-phishing tools, or who simply hesitate to clink a link that shows its true destination as "http://www.hacks4u" at the bottom of their web browsers.

Since URL shortening services require that you hand off control of where the shortened URL points to, and trust that your intended destination remains the actual one, the best defense is a good offense. If you send, choose your carrier carefully. If you receive, be aware of (and wary of) the delivery guy. The wrapping may be pretty, but as another saying goes, "beauty is only skin deep - ugly goes to the bone".

Update: More news keeps popping up on nefarious uses of shortened URLs. Tiny URL does offer a preview feature, and for one extra click, I would recommend its use. Do yourself, and the people you send links to, a favor. ;-)