nanog mailing list archives
Re: How long is your rack?
From: David Miller <dmiller () tiggee com>
Date: Mon, 15 Aug 2011 20:32:45 -0400
On 8/15/2011 6:00 PM, Matthew Palmer wrote:
> On Mon, Aug 15, 2011 at 11:37:37AM -0400, Randy Bush wrote:
> more likely a 'shortened' url. how anyone can click those is beyond me.
> I'm curious what your objection is.
> i have no assurance that a shortened url does not lead to a malicious site. also your privacy issue, but that is secondary.
> Given the rate of publicised defacements of all manner of sites (and that injecting malware into a page is the exact same thing as a clear defacement, from an execution point of view), a long URL gives you no greater assurance of protection from malice.

True. A long URL does not guarantee protection from malice.

However, you would likely *not* visit a link to obviousmalwaresite.example.com. In fact, I would guess that even a reasonable percentage of the clueless would not click a link to obviousmalwaresite.example.com.
Camouflaging obviousmalwaresite.example.com behind a URL shortener and/or several layers of redirection (which is all that a URL shortener is in the end) will increase the number of clicks. This is obviously why spammers/scammers use them.
Your spam filtering may block emails with links to obviousmalwaresite.example.com, but does it also expand short URLs and then block on the final destination? Or do you simply block all emails with short URLs in them?
Expanding a short URL merely raises the bar slightly by getting you to the long URL... which gets us back to - whether or not you would click on obviousmalwaresite.example.com. A tool like longurl.org will give you the full redirection chain and things like Titles and Meta data for the final destination. If you like, you can go directly to the destination bypassing potential redirection-redirection (i.e. redirecting a portion of visitors differently than others).
For example: http://t.co/7wP9W2j == Good || Bad -> http://longurl.org/expand?url=http%3A%2F%2Ft.co%2F7wP9W2j
FYI: I lock the doors of my car despite the fact that a fair amount of the 'security' of the external surface of the car is provided by panels of glass.
-DMM

--
maintainer of longurl.org in my spare time (instead of building a data center in my house :-)
use the web site, use the API, or download the code and run your own server (the code is opensource)
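The filtering question raised in the message above (expand the short URL, then block on the destination) can be sketched as follows. This is an added example, not code from longurl.org or from the poster; the function names, the hop limit, the fail-closed policy and the sample redirect table are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # assumed limit; chains can be deep or circular


def expand(url, fetch, max_hops=MAX_HOPS):
    """Follow redirects one hop at a time and return (chain, status).

    fetch(url) returns the Location value, or None for a non-redirect.
    A real fetch would issue a request with automatic redirects disabled.
    """
    chain, seen = [url], {url}
    while len(chain) <= max_hops:
        location = fetch(chain[-1])
        if location is None:
            return chain, "resolved"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            return chain + [nxt], "loop"
        chain.append(nxt)
        seen.add(nxt)
    return chain, "too_many_hops"


def host_blocked(url, blocklist):
    """Match a listed domain itself or any subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in blocklist)


def verdict(url, fetch, blocklist):
    """Check every hop, not only the final one; fail closed if unresolved."""
    chain, status = expand(url, fetch)
    if status != "resolved" or any(host_blocked(h, blocklist) for h in chain):
        return "block", chain
    return "allow", chain


# Constructed sample data: a redirect table standing in for live lookups.
REDIRECTS = {
    "http://short.example/a": "http://hop.example/r?id=1",
    "http://hop.example/r?id=1": "/landing",
    "http://hop.example/landing": "http://obviousmalwaresite.example.com/",
    "http://short.example/b": "http://news.example.org/story",
    "http://short.example/c": "http://short.example/c",
}
BLOCKLIST = {"obviousmalwaresite.example.com"}
fake_fetch = REDIRECTS.get
```

The verdict only reflects the chain the filter's own requests were given; as the message notes, a redirector can send a portion of visitors somewhere else.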