Recently we saw a “clickjacking” proof of concept by Chris Shiflett, where Twitter users were tricked into clicking on a URL that says, “Don’t Click”.

Clicking the URL and the subsequent button simply spammed your Twitter followers with the tweet, assuming you were logged in.

Although the attack used MooURL.com to shorten and hide the actual link, the more popular tool is TinyURL.com, which has a Preview Feature that you can enable.

When this is enabled, a cookie is set in your browser, and each time you click a TinyURL link you get to preview the actual URL before proceeding to view the page.

This feature is particularly good at preventing a similar exploit, not just on Twitter but also in the event of a phishing attack that arrives with the same kind of shortened URL.

Update 13 March: An entry on TrendMicro’s blog describes a phishing attack that used TinyURL in a bogus email purporting to come from the Spanish bank Bancaja. There is a tool called LongURL, which can be downloaded as a Firefox extension, to verify TinyURL links.
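
The same "look before you click" idea can be scripted. The sketch below is an added example, not code from TinyURL or LongURL: it walks a short link's redirect chain with HEAD requests so the destination is shown without loading the page. The names `fetch_location`, `expand` and `SAMPLE` are hypothetical, and it assumes the shortener answers with an ordinary HTTP redirect.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}

def fetch_location(url, timeout=5):
    """Send one HEAD request; return the redirect target or None.
    No body is fetched or rendered, so nothing on the page runs."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        if resp.status in REDIRECT_CODES:
            return resp.getheader("Location")
        return None
    finally:
        conn.close()

def expand(url, resolver=fetch_location, max_hops=5):
    """Return every URL a shortened link passes through, in order."""
    chain = [url]
    for _ in range(max_hops + 1):
        target = resolver(chain[-1])
        if not target:
            return chain                      # final destination reached
        target = urljoin(chain[-1], target)   # Location may be relative
        if urlsplit(target).scheme not in ("http", "https"):
            raise ValueError("refusing non-HTTP redirect: " + target)
        if target in chain:
            raise ValueError("redirect loop at " + target)
        chain.append(target)
    raise ValueError("more than %d redirects" % max_hops)

# Constructed redirect table standing in for the network (example hosts).
SAMPLE = {
    "http://short.example/abc": "http://mid.example/r?id=1",
    "http://mid.example/r?id=1": "/landing",
}

if __name__ == "__main__":
    print(" -> ".join(expand("http://short.example/abc", SAMPLE.get)))
```

Passing `SAMPLE.get` as the resolver keeps the run offline; calling `expand(url)` with the default resolver issues real HEAD requests.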