Twitter moves to protect against TinyURL attacks

It’s been a topic of conversation for a while now: the use of TinyURLs within Twitter and other social media sites. For those of you who don’t know what a TinyURL is, I’ll give an example.

I want to post you a link to my website; however, with Twitter I only have a maximum of 140 characters. To maximise the space and make things easier for users, the Twitter gods decided to convert the (usually) long links into a smaller link using the TinyURL service. You can check out the service for yourself. You simply paste in the long link and get back a smaller one that still works the same way.

FULL URL –> https://c22blog.wordpress.com/2009/02/07/mobile-devices-lowering-web-security/

TinyURL –> http://tinyurl.com/btsfs5

As you can see, the second one is a lot easier to read and pass on. Anyway, back to the point at hand.

Twitter have implemented a new feature (currently restricted to their search.twitter.com area) that adds an [expand] button after the TinyURL. As you can imagine, this allows you to expand the link and see where it really points to. This is obviously a good thing for security, as you never know where that TinyURL could take you. XSS attacks are all around us 😉

[Screenshot: expand link @ search.twitter.com]

[Screenshot: contract link @ search.twitter.com]

Here’s hoping that the feature comes to the standard Twitter time-line soon.

