
Short URL sites targeted by hackers

Sophos: 17 June, 2009 (Technical Article)
Cligs URL shortening site hack redirects millions to Twitter blog serving as warning to users of URL shortening services
IT security and control firm Sophos is advising computer users to be wary of shortened URLs and to consider running a plug-in that will expand links before clicking on them. The warning follows news that Cligs, recently ranked as the fourth most popular URL shortening service on Twitter, has been hacked and on Sunday was redirecting millions of cli.gs links to a story about Twitter hashtags by blogger Kevin Sablan of the Orange County Register.

Sophos experts note that URL shortening services like TinyURL, bit.ly and is.gd have increasingly become part of many computer users' everyday lives with the surge in popularity of micro-blogging websites like Twitter.

Sablan noticed the unexpected rise in traffic on Monday morning and has subsequently blogged about the experience of having 2.2 million links temporarily pointing to his blog post. A statement on the Cligs website suggests that a security vulnerability in its edit functionality allowed a malicious hacker to change the destination of millions of shortened URLs. The company also admitted that it hasn't been getting daily backups since early May.

'While Cligs is nowhere near as popular as the likes of TinyURL, it is still used by a substantial number of people, so you can imagine the disruption that can be caused if links no longer go where they are supposed to,' said Graham Cluley, senior technology consultant at Sophos. 'These services are becoming indispensable with more and more people using Twitter and needing to make their point in 140 characters or less, but this is not the first time we have seen spammers and hackers abusing these systems. While it's not clear what the intentions of the fraudsters were in this case, they could have easily redirected millions of shortened URLs to a website hosting malware. While these services should be making their systems as secure as possible, similar incidents are likely to happen again, and so it's important that computer users don't automatically trust links on websites like Twitter.'

   © 2012 ProSecurityZone.com