{"id":727,"date":"2009-12-03T12:24:39","date_gmt":"2009-12-03T20:24:39","guid":{"rendered":"http:\/\/blog.cosaint.net\/?p=727"},"modified":"2023-03-01T17:26:51","modified_gmt":"2023-03-01T17:26:51","slug":"url-shortening-as-a-security-threat","status":"publish","type":"post","link":"https:\/\/www.empowerelearning.com\/blog\/url-shortening-as-a-security-threat\/","title":{"rendered":"URL Shortening as a Security Threat?"},"content":{"rendered":"

\"http\"Most of us are familiar with URL shortening websites such as bit.ly<\/a>, tinyurl.com<\/a>, and is.gd<\/a>. It’s one of the technologies that’s fuelling the explosive growth of social networks such as Twitter – after all, 140 characters isn’t a lot of space to fit a message if most of it is taken up with a URL!<\/p>\n

But the use of URL shortening can be a major headache since a shortened URL could obscure the real target address and, as a result, it could be used to redirect the viewer to an unexpected site such as a phishing website, or a website infected with malware.<\/p>\n

<\/p>\n

So what should we teach our students about shortened URLs? I have to confess that I’m at a bit of a loss here. The only things that I can suggest are:<\/p>\n

    \n
  1. Links provided by people who are known to you are – generally – going to be safer than those provided by strangers. However, Twitter and Facebook accounts have been hacked and used to send out malicious links, so knowing the sender isn’t 100% safe.<\/li>\n
  2. Links that have ‘context’ are likely to be safer than links that don’t. For example, if a tweeter (is that the right term?) has been writing about learning management systems for a while, and then includes a link in a tweet that claims to be the URL for a website about e-learning, it’s probably going to be OK. If that same person suddenly posted a link with the text ‘Find out more about weight loss supplements’, it would be out-of-context and you should be VERY wary.<\/li>\n
  3. Keep all of your software up-to-date in case you’re directed to an infected website.<\/li>\n<\/ol>\n

    Beyond that, I don’t know what to say. I know that Twitter and some of the URL shortening services have started to address the problem – Twitter by checking the destination of links entered into tweets, and URL shortening services by providing a preview service – but neither of these approaches seems to have solved the problem right now.<\/p>\n

    Anybody have any other advice?<\/p>\n

    Some Further Reading<\/b><\/p>\n