RSS Alerts

Related Links

Related Stories

  • Kaspersky Lab: watch out for Twitter-linked scamware
    Veteran IT security vendor Kaspersky Lab has warned internet users to be aware of rogue or scam software that purports to be an IT security application, but is merely a vehicle to extract revenue - and possibly even card details - from unsuspecting web users.
  • Twitter email account hack highlights cloud dangers
    Imperva, a data security specialist, says that last week's hacking of a Twitter senior executive's email account - details of which are now fully emerging - was the result of a combination of poor security practices and safeguards.
  • Twitter company files leaked in Cloud Computing security failure
    Twitter has once again been hit by a lapse of security, this time with a hacker posting a set of internal company documents from the Twitter site and service, lifted from the GoogleApps online data sharing and collaboration system.
  • Conficker and Facebook / Twitter attacks dominate Q1 email threats
    The Conficker worm and attackers’ social engineering techniques exploiting users on Facebook, Myspace and Twitter, dominated the email threats in the first quarter (Q1) of 2009, according to identity-based unified threat management (UTM) solutions provider Cyberoam and its Israeli messaging and web security partner Commtouch.
  • Bit.ly tools up to stop spam
    URL shortening service Bit.ly has announced that it will be using three new services to help secure its service from spam and malware.

News

Twitter quietly checks tweeted URLs - draws criticism

05 August 2009

Twitter has quietly started checking URLs entered into tweets (user messages) on its microblogging service and immediately flown into a barrage of criticism about its checking methodology.

As reported previously, Twitter has been criticised for allowing users to enter any and all web addresses into its messaging system, even where the destination web pages are infected with malware.

Now the Twitter microblogging service is reported to be verifying URLs entered using Google's safe browsing application programming interface.

Unfortunately, it seems the URL checking seystem cannot cope with shortened URL services such as Tinyurl and Bit.ly

According to Robert Macmillan of the IDG newswire service, whilst the new Twitter security feature blocks a URL that leads to a known phishing site, it still allows the site route when a URL shortening service is used.

The irony of this situation, Infosecurity notes, is that Twitter's posts are limited to 140 characters and the service encourages the use of URL shortening services to trim the length of Twitter messages.

All is not lost, however, as Infosecurity understands that the URL shortening services are themselves working on a number of security technologies, although this still would not stop a hacker from using an intermediary - and legitimate - web page to eventually route to an infected site.

 

 

This article is featured in:
Application Security Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water