nanog mailing list archives
Re: How long is your rack?
From: Steven Bellovin <smb () cs columbia edu>
Date: Mon, 15 Aug 2011 11:31:36 -0400
On Aug 15, 2011, at 10:12 21AM, Randy Bush wrote:
>> I've always wondered if the next cisco/juniper 0 day will be delivered via a set of exploits delivered via a link posted to NANOG. :) Maybe I'll do a talk at DEFCON next year about that.
>
> more likely a 'shortened' url. how anyone can click those is beyond me.

I'm curious what your objection is. Mine is privacy -- the owner of the shortening site gets to see every place you visit using one of those. I don't think there's a significant incremental security risk, because the URL you click on doesn't tell you what you'll receive in any event. Case in point: https://www.cs.columbia.edu/~smb/SMBlog-in-PDF.pdf does *not* yield a PDF. (As far as I know, it's a completely safe URL to click on, but I can't guarantee that someone else didn't hack my site. I, at least, haven't put any nasties there.)

Yes, when you avoid shortened URLs you get some assurance of the owner of the content. Given the rate of hacking -- is anyone really safe from a determined amateur attack, let alone state-sponsored nastiness? -- and given the amount of third-party content served up by virtually all ad-containing sites, you really have no idea what you're going to receive when you click on any link.

--Steve Bellovin, http://www.cs.columbia.edu/~smb