Short URL: The invisible threat or maybe not?

I have recieved a curious mentions in twitter from @itxaka user, that said:
"Feels weird to follow sec people and click on their pdf and shortened links.@secbydefault @Securityartwork @seguridadxato2 @sergiohernando"
This mention has encouraged me to write this post!


A lot of times, preferably in twitter service, we usually short URL for reducing characters in the tweets. However, this use can be unsafe and used for bad intent, like phising, browser exploit or even spam.

This security isssues are not new, but, sometime when we are following security reseachers or infosec people comes the following quiestion. Can we trust in the short URL what they share with all us? the anwser is not easy, each one have to do an "act of faith" not? Really? Do you think it necessary do an "act of faith"?

There are some security tools for avoid to have to do an "act of faith" when you are following anyone in twitter or any other social network. I'm talking about URL expander add-ons.

Tools for checking the Shortened URLs Automatically through Browser Add-Ons:


The "" have an add-ons for Mozilla Firefox Browser that can check the Short URL for you.

Donwload Add-on.
*But now seen doesn't work.

I prefer! Firefox Add-ons! | I can confirm that work fine on Firefox v10.

Donwload Add-on.
Usage is simple, the extension check automatic the short link when mouse is over it.

Example screenshots.

Google Chrome

LinkPeelr is the add-ons for Chrome that allow you know long URL before you click it. Even, this extension can process short URLs with multiple levels of indirection.

LinkPeelr takes any short URL and reveals the actual long link behind it.

Download Chrome Add-on.
Only, I have to add, it seems doesn't work in twitter website, becasuse when I put mouse on short URL link, doesn't show anything! But, I can try it out with other website with short URL and work! This is can be a bug in extension!.

McAfee Short URL Service

If you don't want to install this type of extension, maybe you can want use the McAfee Secure URL Shortener, this new service of McAfee allow you create secure "short" URL. [Chrome][Firefox].

!Be careful out there!

0 comentarios:

Publicar un comentario