All A Jitter Over Twitter?
If you’ve used Twitter, you’ll be familiar with URL-shortening services such as tinyurl, is.gd, tr.im, and bit.ly.
For those who are not familiar with Twitter at all, read on for a quick overview of the service, why people are using it for business purposes, and more importantly a few security-related thoughts…
So What’s All This “Twitter” Chatter?
There are a lot of people who just don’t get “Twitter”… maybe you are one of them.
The easiest way to find out for yourself is to simply go ahead and sign up (it’s free), and then start following a few people who you have an interest in.
Don’t just sign up to the usual suspects of online celebrities or “wannabes”, but as an example check out your favorite authors (e.g. Tim Ferriss), or someone who is knowledgeable or influential in your field of expertise or business.
Instantaneous Knowledge & Feedback At Your Fingertips
The one piece of info that most Twitter newbies fail to grasp is that most users find the ‘search capability’ really useful.
Basically most of the third-party Twitter applications and websites provide the ability to search throughout the entirety of Twitter (even if you are not following someone), which is great if you are trying to find information about someone or something. It’s awesome – think of it as instantaneous knowledge & feedback. There are lots of other ways people use Twitter – but think of this as just the tip of the iceberg.
The Competitive Advantage
From a work or business perspective, imagine if you wanted to research a particular topic, or see what people are saying about you, your company, your company’s competitors, latest market news, etc… it’s all there – as it happens. From a business perspective, some companies are starting to grasp this concept, and use it as a tool for their own competitive advantage.
Ok – so now that you know a bit about Twitter, what it offers, and how some people are using it – what are the concerns relating to URL shortening?
So What’s With the URL Shortening Services Anyway?
For those who are unfamiliar with using Twitter – you basically have only 140 characters available to post a message or link to your followers. Twitter users therefore rely on URL “shortening services” to shorten and share their favorite web page links, news stories etc:
So as an example, you might want to send a message (or tweet) containing a link to a web page or interesting news article you’ve just read.
Rather than sending the original lengthy URL such as:
You can shorten it to something like (leaving more space for your own message):
It’s a great service; however, URL shorteners encourage people to click on short URLs within Twitter whose destination they know nothing about.
URL Shortening in the hands of the bad guys
Unfortunately the bad guys are abusing the URL shortening services too.
Message Labs reports that the presence of short URLs in spam has skyrocketed in the last few days, and now appears in more than 2 percent of all spam messages, according to a post on the New York Times’ Bits blog.
It’s easy to use caution in an email message from someone you don’t know, and simply click delete when you are suspicious of a URL link, but applying that type of scrutiny to a shortcut link sort of takes the oomph out of Twitter. After all, most people are happy to follow people that they don’t actually know – people who have been recommended by friends, or friends of friends and have posted shortcut links to some interesting posts. Most click on their links regularly without giving it much thought.
Clicking on links posted by strangers then becomes a risk. It’s a risk some people aren’t prepared to take, are you? If short URL spam becomes a bigger problem, then will the power of Twitter diminish significantly?
The Scary Propellerhead stuff (skip to the “So Now What?” section if not interested)
From a technical perspective, the shortened URL actually redirects to a “real” URL, which has to go through the same network infrastructure & security as any other web page delivered to your PC… i.e. if it’s a ‘bad’ web page, it should hopefully get picked up by your personal antivirus and desktop firewall. However, some people don’t always have this sort of technology when surfing the internet whilst directly connected at home. This is also a worry considering that most phishing / malicious sites are hosted on legitimate (but compromised) websites.
Lethal if mixed with “Drive By Downloads”
The other concern is that URL shortening services combined with ‘drive by downloads’ make a bad combination. A drive-by download is where you visit a web page which contains malware that can be installed without your knowledge (you get infected just by viewing the dodgy web page) – it really makes you pause for thought.
A couple of weeks ago, we saw a surprise announcement from Microsoft relating to unresolved browser vulnerabilities which allow people to become infected… and unfortunately gone are the days when it was only Microsoft operating systems that were impacted by this… as it’s hitting Apple browser software too. Luckily Apple released an updated version of Safari which fixes this, as well as other security issues.
So Now What?
As always, this reiterates the need to ensure your machine is regularly patched, updated and running up-to-date antivirus / security products. There are also new browser add-ons and utilities to help preview shortened URLs; however, for now there isn’t a silver bullet solution for this… yet. Unfortunately, technology doesn’t always stop this sort of issue anyhow, and therefore we need to look beyond relying on technology to protect us…
A bit of common sense is always the best thing to minimise a potential impact.
Lastly, the most important thing is knowledge – and ensuring you are familiar with these new types of threats… so keep coming back to this blog for more updates.