Please remove your cloak

No Destination Transparency
I've been thinking about all of the phishing links and bogus DMs that have been circulating on Twitter this week and last.
I've said it before: although URL shortening services are incredibly useful for Microblogging platforms, they also provide a rather useful opportunity for 'cloaking' and 'sneaky re-directing'. Why? Well, because it's darn difficult to figure out where a shortened URL is pointing without actually following the link. A cursory glance at such a condensed link provides no 'destination transparency'.
Compressing a 50 or so character URL into approximately 10 characters is of course a very attractive and useful space-saving technique for constrained Microblogging.
Ideas for Solution
It seems to me that with a nifty little piece of 'server-side' code (or client-side code in your Microblogging client software) it would be pretty easy to provide functionality such that when a user rolled the mouse over a shortened link, the full destination link was displayed (e.g. in a light-box, or simply as a transformed variant of the shortened URL). You could then determine the actual destination domain and use some more intelligence / judgement as to whether you were being 'baited'. If you could see this in links supplied over DM or in the Tweet timeline, it would provide something of a solution to spotting the obvious phishing 'redirects'.
There could of course be a sneaky redirect at the destination URL, so it wouldn't be foolproof, but I think it would help unravel some of the more obvious phishing and link baiting attempts.
Further Improvements
McAfee provide a service which shows 'traffic light' (RAG) style warnings about URLs they have crawled - this appears alongside search results (assuming it is installed on your machine). A similar colour coding or visual warning would be useful on either the shortened URL or the full URL that appears on 'mouseover'. I guess this could generate a lot more server traffic as it interrogates for the 'long-URL', but maybe something sensible could be done in terms of caching.
Microblogging platforms could also loosen their character limits, and perhaps the URL shortening services could use an algorithm that preserved the destination domain name (so this was transparent in the shortened variant). I agree that wouldn't be optimal, and I'd rather have a simple 'roll-over' function on my Microblogging client / service that would show me where I will end up if I click through...
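A sketch of the 'roll-over' lookup from Ideas for Solution, with the caching suggested under Further Improvements; this is an added example, not code from the original post. It walks HTTP redirects with HEAD requests only, so no page body is fetched, and stops on loops or after an assumed hop cap; the hosts in `SAMPLE` are constructed placeholders, and redirects done in JavaScript or meta tags at the destination stay invisible to it.

```python
import http.client
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5   # assumed cap on redirects followed per link
CACHE = {}     # short URL -> preview, so repeated hovers cost one lookup

def head_location(url, timeout=5):
    """Send one HEAD request without following it; return the Location header or None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) URL: %r" % url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if resp.status in (301, 302, 303, 307, 308) else None
    finally:
        conn.close()

def expand(short_url, fetch=head_location, max_hops=MAX_HOPS):
    """Return the redirect chain, starting with short_url, without fetching any page body."""
    chain = [short_url]
    for _ in range(max_hops):
        location = fetch(chain[-1])
        if not location:
            break
        nxt = urljoin(chain[-1], location)   # Location may be relative
        if nxt in chain:                     # redirect loop: stop here
            break
        chain.append(nxt)
    return chain

def preview(short_url, fetch=head_location):
    """What a hover tooltip would show: final URL, its domain, and the hop count."""
    if short_url not in CACHE:
        chain = expand(short_url, fetch)
        CACHE[short_url] = {"destination": chain[-1],
                            "domain": urlsplit(chain[-1]).hostname,
                            "hops": len(chain) - 1}
    return CACHE[short_url]

# Constructed redirect table standing in for the network (hypothetical hosts).
SAMPLE = {"http://sho.rt.example/abc": "http://mid.example/r?x=1",
          "http://mid.example/r?x=1": "/landing"}

if __name__ == "__main__":
    print(preview("http://sho.rt.example/abc", fetch=SAMPLE.get))
```

If this runs server-side, the resolver is fetching URLs chosen by whoever posted the link, so it should be limited to public addresses and rate-limited.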



















