Obfuscated What?

Tuesday, April 6, 2010 15:08
Posted in category Computer Security

Despite its complicated pronunciation, the word obfuscate merely means to change, alter, modify, or obscure.  In business, you probably use this more than you think.  On the web, businesses often use URL shortening services, which take a long URL (website address) and make it a short one.  These shorter URLs are then used in an e-mail or instant message, on a blog, or on social media sites such as Facebook.  Twitter is probably one of the most popular places where URL shortening services (obfuscated URLs) are used, since you are limited in the number of characters you can put in each tweet.  I have also seen them used in e-books and other informational products that are downloaded off the web.  URL shortening services hide the original and often long URL.

The Security Issue With URL Shortening Services

URL shortening services are used because long URLs sometimes have to be cut and pasted, the shorter ones look nicer, and they can help people avoid a broken URL in an e-mail message or instant message.  There are risks to using shortened URLs, however.

If you click on a shortened URL link, you are then redirected to the original longer URL.  You don’t know what site that is until you click on it.  This allows spammers to get past spam filters because the URL shortening service website is usually a trusted website.  Also, most spam filters look at URLs to determine if the e-mail might be spam.  With URL shortening services, this cannot be done by the spam filter.  Shortening services also help bypass Google Safe Browsing, which is used by the Firefox and Google Chrome browsers.  Phishing attacks can take advantage of URL shortening services by again hiding the real site the user will be redirected to.  Being redirected to an unknown site also helps attackers who have infected or set up websites that will try to download malware when you go to them.

Security Measures

The easiest method to determine whether you should click on a shortened URL link is to install a Firefox LongURL add-on.  This requires that you use the Firefox Browser which I recommend for other reasons as well.  The add-on will show you the original long URL when you hover the mouse over it.  This way you can make a judgment call on whether you should click the link or not.  If you are not using Firefox, you could go to the ExpandMyUrl or LongURLPlease websites.

Some URL shortening services also provide a preview function.  There are over 90 URL shortening services available at this time, however,  and not all of them have preview capabilities.  Those that do usually require the person that is sending you the shortened link to enable the preview function.

Always take care before opening any e-mail attachment, but also train yourself and your staff to be careful before they click on a shortened URL.

Are there other tools out there that you have discovered or used to successfully find out what website you are being redirected to before clicking on the shortened URL?  If so, please leave a comment and share with other readers of Business Security Information.