December 5, 2011
Twitter’s Free iPad 2 Scam (with a twist)

Someone, or something, going by the handle @mahanarfmhul3 (a.k.a. Mahana Cox) sent me the following message on Twitter:

As of this writing, @mahanarfmhul3 began emitting tweets about two hours ago with a frequency of 1 tweet every 3~5 minutes. The account totals 26 tweets. 19 of them are of the same kind I received:

The remaining 7 look harmless, most probably to thwart Twitter’s algorithms for detecting spam and phishing attempts. 5 of these “innocuous” tweets are written in English while 2 are in Spanish:

I highlighted a tweet apparently addressed to someone called AdamWeitner. Except that Adam Weitner is not following “Mahana Cox”. And the tweet is not addressed properly to him since the @ sign is not used as a prefix.

Now let’s look into the phony link I received: tinyurl(dot)com/6v5g4wz. Since it’s a TinyURL shortened link, we can preview it by prefixing the URL with “preview.”:

Now that we have the URL behind the shortened link, we can dig a bit further. whois tells us that the domain is very fresh as it was created on Dec 4, 2011 through GoDaddy.

McAfee’s Threat Intelligence and MalwareDomainList do not have identification data (yet) for this URL.

However, Wepawet finds some interesting results:

ipadzu(dot)net seems to be yet another site hosting one of those numerous Free iPad2 scams that are running rampant on Twitter. WOT gives it a poor reputation:

This shows once more why it is unsafe to click on URLs, shortened or otherwise, before doing some basic checks.

During the course of this investigation, no animal was harmed. However, it seems that LongURL have some funny results to say the least:

Sorry Mahana, I am not interested in your free iPad 2 and I’ve flagged you as a spammer with Twitter.

February 22, 2010
URL shorteners and link opacity

In the era of compressed and ephemeral thoughts, Twitter lets us share 140-character messages, and that’s pretty small (and can’t really qualify as a fully-developed thought IMHO).

Given this constraint, people often use URL shorteners such as Bit.ly or Tinyurl.com to make hyperlinks as short as possible, saving some room for a few words here and there in their tweets.

I don’t question the usefulness of these services in this usage context. However, they introduce an undesirable property from a security standpoint: opacity. A shortened link is an opaque link. We don’t know where it links to before clicking on it.

Security-savvy users often hover their mouse pointers over a hyperlink to see where it leads before deciding whether they should click on it or not. There are even security awareness courses and security best practices that recommend doing so. But this no longer works with shortened links.

There are URL shorteners such as Tinyurl.com and Budurl.com that provide some help to remove the opacity of the links they produce by offering a preview link.

For example, if I were to create a shortened link for my blog on Tinyurl.com:

If I shared this link as (http://preview.tinyurl.com/yd38uvv), you’d see:

But what can one do when they receive a Bit.ly shortened link, given that, to my knowledge, there is no easy way to preview where it leads?

Firefox users can install the Bit.ly Preview extension that offers a workaround. It lets you hover over a bit.ly link (and even tinyurl.com ones) and see where it leads:

This extension also works on Google Chrome. But as you can see, it shows only part of the hyperlink if it doesn’t fit in the fixed-size, non-configurable IFRAME loaded from Bit.ly. If you want to know more, you have to click on that More Information link. Moreover, it is necessary to have a Bit.ly user account since this extension uses a unique API key associated with your account to query Bit.ly.

While offering a workaround, this extension also raises a few questions pertaining to privacy: Is it desirable to let Bit.ly know about the Tinyurl.com link you’ve just hovered your mouse pointer over? What about other links?

Even if I silence my security-conscious mind, I still see no global solution to this tricky problem. The above-mentioned extension only works on Firefox and Google Chrome. Opera, Safari and Internet Explorer are left out. Also, what about the sheer number of other URL shortening services such as (http://is.gd/) (which lets you preview a shortened link by adding a # to it), (http://ow.ly/) (often used on Twitter, no easy way to preview so far) etc.?

Am I missing something?
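
One browser-independent way to remove the opacity, as an added example that is not part of the original post: ask the shortener itself where a link points and read the redirect target without ever contacting the destination. It assumes the service answers a short link with an HTTP 3xx response carrying a Location header and accepts HEAD requests; the function names and the shortener set are illustrative.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Shortening services named in the post; extend the set as needed.
SHORTENERS = {"bit.ly", "tinyurl.com", "budurl.com", "is.gd", "ow.ly"}
REDIRECTS = {301, 302, 303, 307, 308}


def head_no_follow(url, timeout=5):
    """Send one HEAD request; return (status, Location header or None).

    http.client never follows redirects, so only the host in `url` is contacted.
    Assumption: the service answers a short link with a 3xx and a Location header.
    """
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        target = parts.path or "/"
        if parts.query:
            target += "?" + parts.query
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def reveal(url, fetch=head_no_follow, max_hops=5):
    """Return the chain of URLs from a short link to its destination.

    Only hosts in SHORTENERS are queried; the destination is reported, never requested.
    """
    if "://" not in url:
        url = "http://" + url            # links are often pasted without a scheme
    chain = [url]
    while True:
        host = (urlsplit(chain[-1]).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host not in SHORTENERS:
            return chain                 # destination reached, not contacted
        if len(chain) > max_hops:
            raise ValueError("too many chained shorteners: %r" % chain)
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            return chain                 # no redirect: dead link or interstitial page
        chain.append(urljoin(chain[-1], location))  # Location may be relative
```

The last element of the returned list is the URL to run through whois and reputation services before deciding whether to open it.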
