
Avoid the security risk of shortened URLs

Post by TexasBlue Thu Nov 25, 2010 6:18 am

Avoid the security risk of shortened URLs

By Fred Langa
Windows Secrets

The compact URLs produced by services such as TinyURL, bit.ly, is.gd, and many others are convenient and save space, but they can also be used to hide the identity of malicious sites.

Fortunately, there are several ways to peek behind a shortened URL to see exactly where the link will take you — before you click it!

In fact, every URL-shortening service I'm aware of offers one or more ways to preview the real destination of a shortened link.

For example, here's a typical bit.ly URL that I created. All it does is take you to the windowssecrets.com home page, but there's no way to know that in advance — it's a blind link:

http://bit.ly/10Sjt

Let's say that (gasp!) you don't trust me, so you want to see where the link really goes before you click it.

It's easy: all you have to do is copy the link, paste it into the address bar of any browser window or tab, and add a plus sign to the end, like this:

http://bit.ly/10Sjt+

Adding a plus sign to the end of any bit.ly URL brings you to a special bit.ly page that shows you information about the link, including the full, expanded URL. Using the information on that bit.ly page, you can decide whether the link is safe and worth following.

TinyURL has a similar option. But instead of adding a plus sign at the end of a link, you prepend the word preview. For example, here's a regular TinyURL link to the Windows Secrets home page:

http://tinyurl.com/6u5ba

Copy that link into the address bar of your browser and add the word preview:

http://preview.tinyurl.com/6u5ba

Now the link will bring you to a preview page that displays the full, expanded URL. (See Figure 1.)

Figure 1. Like all the other major URL-shortening services, TinyURL offers an easy way (circled in yellow) to preview the true destination of a shortened link.

TinyURL also offers a cookie-based option that makes previewing automatic for every TinyURL link you click. To set the (harmless!) preview cookie on your PC, click here:

http://tinyurl.com/preview.php?enable=1

All the major URL-shortening services have similar ways of letting you preview what's behind their URLs. Security researcher Joshua Long has compiled an excellent free guide, "How to preview shortened URLs (TinyURL, bit.ly, is.gd, and more)."

Of course, if you're checking lots of links, it can be clunky to manually copy, paste, and edit URLs. Several sites offer automated scripts to make things a bit easier. For example, when you encounter a suspicious short URL, you can click to Longurl, ExpandMyURL.com, or Long URL Please.com.

Paste the suspect short URL into these sites' dialog boxes, and they'll show you the full, expanded link.

You also can Favorite or Bookmark those sites to further automate the process of link-checking.

Going a step further, Firefox users can install the bit.ly preview add-on (download site) to allow previewing of short URLs without needing to leave the page you're on. Despite the name, the add-on works for many URL-shorteners — not just bit.ly.

Chrome users can download (page) a similar extension for that browser.

I know of no fully automated preview tools for Internet Explorer, although several URL-shortening apps are available in the Microsoft IE Add-ons Gallery. Just type url into the search bar.

Note that this level of link-checking usually isn't needed when you're clicking on normal links from sites and people you know and trust. But it's smart to be wary of suspicious links or links with unknown provenance.

When in doubt, check it out!
TexasBlue
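
The two preview rules the article spells out (a trailing plus sign for bit.ly, a `preview.` host prefix for TinyURL), as an added example that is not part of the original post or article. The function name `preview_url` and the rule table are illustrative, and only those two services are covered.

```python
from urllib.parse import urlsplit, urlunsplit

# Preview rules taken from the article: bit.ly appends "+" to the path,
# TinyURL prepends "preview." to the host. Other shorteners are not covered.
def _bitly(parts):
    path = parts.path if parts.path.endswith("+") else parts.path + "+"
    return parts._replace(path=path)

def _tinyurl(parts):
    return parts._replace(netloc="preview.tinyurl.com")

PREVIEW_RULES = {
    "bit.ly": _bitly,
    "tinyurl.com": _tinyurl,
    "preview.tinyurl.com": _tinyurl,  # already a preview link: unchanged
}

def preview_url(short_url):
    """Return the preview form of a short link, or None if no rule applies.

    Nothing is fetched: the function only rewrites the string, so a suspect
    link can be converted before anything touches the network.
    """
    candidate = short_url.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate  # links are often pasted bare
    parts = urlsplit(candidate)
    if parts.scheme not in ("http", "https"):
        return None
    # Match on the parsed hostname, never on a substring of the URL, so that
    # "http://bit.ly@evil.example/x" is not mistaken for a bit.ly link.
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    rule = PREVIEW_RULES.get(host)
    # A bare host with no link id ("http://bit.ly/") has nothing to preview.
    if rule is None or parts.path in ("", "/", "/+"):
        return None
    # Rebuild with the bare hostname (userinfo and port dropped).
    parts = parts._replace(netloc=host, fragment="")
    return urlunsplit(rule(parts))
```

A `None` result means the link is not one of the two covered services, and one of the manual methods from the article is still needed.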