HomeRoast Digest

Topic: OT: Sharpening - now tiny url exploit (6 msgs / 168 lines)
1) From: Rich
In regards to the URL shortening sites, a problem has popped up.  If you 
tend toward a degree of worry about your computer security you should 
look slightly askance at these little tools.  It is quite possible to 
build one of these to send you to a fake website which will 
automatically load bad things on your machine bypassing your security 
software.  These are new exploits that have recently surfaced in the 
identity theft game.  The recommended approach is to know the source of 
the message that contains the shortened URL.  There are extensions for 
FireFox that will show you the original URL before you click it and 
there is a tool on the Tiny URL site that will do the same thing.
Angelo wrote:

2) From: Edward Rasmussen
Yes, even when the sender has provided a tinyurl, I use the method of
straightening out the full URL as I described below.  
I also thought it would be useful for others to be aware of that method
since so often, when an URL gets wrapped and a tinyurl hasn't been
provided, there will be a number of messages saying, "That URL doesn't
Just trying to be helpful.

3) From: Rich
My only purpose in the info post was to make people aware that the 
shortened url could be a problem.  I also have the FireFox extension 
installed that puts the broken long url back together without user 
input.  Probably works in Safari also.
I am not real worried about a short url from a known source.  It is 
the ones that show up that originate from unknown sources that cause 
Edward Rasmussen wrote:

4) From: rhazen
Rich makes a very good point.  I will not click on the shortened URLs just 
for the reason he describes.  To me, it's like being out in the sticks and 
putting your hand on a hot rock without looking.  Could be snakes up there!
It's not just the shortened links that can be a problem.  Legitimate-looking 
URLs in phishing emails can actually direct you somewhere you don't want to 
go.  I use a program called Mailwasher to scrub my email on the server 
before it ever gets downloaded to my computer.  You can set up a 
friendslist, a blacklist and filters.  And it will show you a preview of the 
email in text mode if you want.  URLs are shown with their actual targets, 
so you can see if you'd be going somewhere other than you would otherwise 
think.  Standard disclaimer:  I have no association with them other than 
being a happy user.  They're at www.firetrust.com if anybody's interested.
Also, one more note about the long URL that could not be accessed.  When 
you're entering a long URL in an email, just bracket it on each end with 
either quote marks or < > as shown below.  You can simply cut and paste a 
URL and then add the symbols to each end.  This keeps the URL in one piece 
so you can still click on it even if it's several lines long.
"www.sweetmarias.com"   or   <www.sweetmarias.com>
I generally do it if the URL is half a line or longer, just because I don't 
know where the reader's email program wraps lines.
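
The check described in message 4 (showing each link with its actual target), together with the shortened-URL concern from message 1, sketched as an added example that is not part of the original thread or of any tool named in it. The function names, the sample mail body and the one-entry shortener list are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENER_HOSTS = {"tinyurl.com"}  # assumption: only the service named in the thread
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; tolerates a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    name = (urlsplit(url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

class LinkCollector(HTMLParser):
    """Collects (visible_text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html_body):
    """Return (visible_text, href, finding) for each link in an HTML mail body."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for text, href in collector.links:
        target = host_of(href)
        if target in SHORTENER_HOSTS:
            finding = "shortened"   # real destination is not visible in the mail
        elif URL_LIKE.match(text) and host_of(text) != target:
            finding = "mismatch"    # text shows one host, link goes to another
        else:
            finding = "ok"
        report.append((text, href, finding))
    return report

# Constructed sample body; login.example.net and the tinyurl path are placeholders.
SAMPLE = ('<a href="http://www.sweetmarias.com/">www.sweetmarias.com</a> '
          '<a href="http://login.example.net/sm">www.sweetmarias.com</a> '
          '<a href="http://tinyurl.com/PLACEHOLDER">this page</a>')

if __name__ == "__main__":
    for row in audit_links(SAMPLE):
        print(row)
```

Hosts are compared exactly after dropping "www.", so a link whose text names a parent domain and whose target is a subdomain of it is also reported as a mismatch.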

5) From: Brian Kamnetz
Adding either quote marks or < > to the ends of long URLs is a handy
trick to know about. Thanks, Bob.
On Dec 31, 2007 1:17 PM, rhazen  wrote:

6) From: Dave
On Dec 31, 2007 2:11 PM, Brian Kamnetz  wrote:
Sometimes it works and sometimes it doesn't though.
Some days...
It's just not worth chewing through the leather straps
