Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Twitter moves to protect against TinyURL attacks

It’s been a topic of conversation for a while now: the use of TinyURLs within Twitter and other social media sites. For those of you who don’t know what a TinyURL is, I’ll give an example.

I want to post you a link to my website; however, with Twitter I only have a maximum of 140 characters. To maximise the space and make things easier for users, the Twitter gods decided to convert the (usually) long links into a smaller link using the TinyURL service. You can check out the service for yourself: you simply paste in the long link and get back a smaller one that still works the same way.

FULL URL –> https://c22blog.wordpress.com/2009/02/07/mobile-devices-lowering-web-security/

TinyURL –> http://tinyurl.com/btsfs5

As you can see, the second one is a lot easier to read and pass on. Anyway, back to the point at hand.

Twitter have implemented a new feature (currently restricted to their search.twitter.com area) that adds an [expand] button after the TinyURL. As you can imagine, this allows you to expand the link and see where it really points. This is obviously a good thing for security, as you never know where that TinyURL could take you. XSS attacks are all around us 😉

[Screenshot: Expand link @ search.twitter.com]

[Screenshot: contract link @ search.twitter.com]

Here’s hoping that the feature comes to the standard Twitter time-line soon.

Mobile devices lowering web security

It’s been over a month now since I finally made the move to an iPhone. For the last 6 months or so I’ve been using a Blackberry (with mixed results), but this was mostly business use. The one thing that struck me when I started using the iPhone for Internet use, reading blogs, and accessing services like Twitter, was the keyboard. I know it sounds strange, but having to click through 3 different menus just to get to the special keys portion of the keyboard puts a serious dent in your typing speed. Once you’re used to it, it’s OK to work with. However, this started me thinking: how many average users of the iPhone (or Blackberry, Nokia, G1, <insert current mobile device of the week here>) have given up constantly typing their suitably complex web-mail or forum password and changed it to something easier and quicker to enter on a mobile keypad?

With things constantly moving towards mobile computing (like it or not), the input of passwords will become more and more of an issue. Devices are getting smaller and smaller, and keyboards and input are moving from the standard layout to miniature input, gestures, and handwriting recognition. These are difficult enough to deal with as it is, without having to make sure you get it 100% correct. After all, you can’t have a spelling mistake in your password and get away with it.

So, how long before we start to see a shift in password use on web-services to more mobile-friendly passwords? For example, those displayed on the main iPhone keypad. This means no special characters or numbers. Unless the web-service forces strong passwords, users will go with convenience over security most of the time. This is just human nature. This increasingly limited input range will make it easier to brute-force the passwords of mobile users and reduce overall security, just as we’ve finally started to get the general public to embrace complex passwords. One step forward, and two steps back.
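To put a number on that keyspace argument, here is an added illustration (not code from the original post) that models the iPhone keyboard as a set of layers (the layer assignment is an assumption for illustration) and compares a mixed-layer password with its letters-only replacement: how many layer switches the typist pays, and how many bits of search space a guessing attack faces.

```python
import math
import string

# Layers of the iPhone on-screen keyboard as the post describes them: letters
# on the main layer, digits and common punctuation one tap away, the rest behind
# a further tap. The exact assignment is an assumption for illustration only.
LAYERS = {
    "main": set(string.ascii_lowercase),
    "shift": set(string.ascii_uppercase),
    "number": set(string.digits + "-/:;()$&@\".,?!'"),
    "symbol": set("[]{}#%^*+=_\\|~<>"),
}

def layer_of(ch):
    """Name of the keyboard layer a character lives on."""
    for name, chars in LAYERS.items():
        if ch in chars:
            return name
    raise ValueError(f"{ch!r} is not on any modelled layer")

def layer_switches(password):
    """How many times the typist must change layer: the friction the post
    says pushes users towards letters-only passwords."""
    seq = [layer_of(ch) for ch in password]
    return sum(1 for a, b in zip(seq, seq[1:]) if a != b)

def keyspace_bits(password):
    """log2 of the guesses an attacker needs if they know the length and
    which layers were used (letters-only is the mobile-friendly case)."""
    used = {layer_of(ch) for ch in password}
    alphabet = sum(len(LAYERS[name]) for name in used)
    return len(password) * math.log2(alphabet)

def search_space_shrink(strong, weak):
    """Factor by which replacing `strong` with `weak` shrinks the search space."""
    return 2 ** (keyspace_bits(strong) - keyspace_bits(weak))

if __name__ == "__main__":
    # Constructed sample pair: a mixed-layer password and its keypad-friendly replacement.
    for pw in ("Wh1t3!Rabb1t", "whiterabbit"):
        print(f"{pw:14} switches={layer_switches(pw)} bits={keyspace_bits(pw):.1f}")
    print(f"search space shrinks by {search_space_shrink('Wh1t3!Rabb1t', 'whiterabbit'):,.0f}x")
```

Dropping to the main layer removes the eight layer switches but also cuts the search space by a factor of roughly ten million for this pair, which is the trade-off a password policy has to account for.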

Hopefully this doesn’t spell a return to the use of “god”, “sex”, “love” and “secret” as our main passwords of choice.