
TWITTER: THE DARK SIDE

Twitter: The Dark Side - URL Shortener

The original purpose of URL shortening services was to prevent long and cumbersome URLs from getting fragmented by broken email clients that felt the need to wrap everything to an 80-column screen. Now the constraint comes from sites like Twitter and its 140-character limit, and it seems Twitter has given life to many URL shorteners.

The technical specifics and vulnerabilities of URL shorteners will be examined more thoroughly in our next Study, but for now it is important to know that even those tiny links can be misused. A Cli.gs security hole was exploited by a malicious attacker who edited most URLs on Cligs to point to a single URL hosted on freedomblogging.com. That attack affected about 2.2 million URLs.


Bit.ly’s Vulnerabilities

Bit.ly's team was fast in patching vulnerabilities such as the reflected cross-site scripting (XSS) flaw in the Integrated Search feature, submitted by Aviv Raff, Laurent Gaffie and Pierre Gardenat. This vulnerability could have been used by an attacker to take control of victims' Twitter accounts, as well as to create a massive Twitter worm.

Raff also highlighted XSS errors in the URL and keywords parameter and similar vulnerabilities in the username field of the Bit.ly login page and the content-type field of the URL info page. The flaws were discovered by security researchers Mike Bailey and Mario Heiderich. It took Bit.ly developers about a month to correct the errors.

"Please be careful clicking those shortened URLs." "XSS errors enable an attacker to insert malicious coding into a link that appears to be from a trustworthy source. When someone clicks on the link, the embedded programming is submitted as part of the client's Web request and can execute on the user's computer, typically allowing the attacker to steal information. When Web forms contain XSS errors, attackers alter the HTML that controls the behavior of the form," Raff wrote in his blog.

Raff has for a while been critical of Twitter and of third-party services that rely on Twitter's API to connect to the Twitter platform. He recently said that the API could be used as a springboard by attackers to create Twitter worms and spread malware to steal sensitive data from users. The Bit.ly URL shortener is an ideal place for such an attack.
If Cligs had 2.2 million links affected by one attack, we can only hope for the best with billions of Bitly's links.
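
The reflected XSS mechanism described in this section, shown as an added example (not code from Bit.ly or from the original study): a search page that echoes a `keywords` parameter unencoded, next to the same page with output encoding. The host `shortener.example`, the function names and the crafted link are assumptions constructed for illustration.

```javascript
// Added example: reflected XSS in a search page, vulnerable vs. hardened.
// Host, path and function names are hypothetical; the link is constructed test data.

// Constructed link: the "keywords" value carries markup instead of a search term.
const craftedLink =
  'https://shortener.example/search?keywords=' +
  encodeURIComponent('"><script>alert(1)</script>');

// Encode the five characters that can change HTML structure in text
// and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pull the parameter out of the request URL, as a server-side handler would.
function keywordsFrom(link) {
  return new URL(link).searchParams.get('keywords') || '';
}

// Vulnerable: request data is concatenated straight into the response,
// once inside an attribute and once inside element text.
function renderSearchVulnerable(link) {
  const q = keywordsFrom(link);
  return `<form><input name="keywords" value="${q}"></form>` +
         `<p>Results for ${q}</p>`;
}

// Hardened: same template, every reflected value is HTML-encoded first.
function renderSearchHardened(link) {
  const q = escapeHtml(keywordsFrom(link));
  return `<form><input name="keywords" value="${q}"></form>` +
         `<p>Results for ${q}</p>`;
}

// Defender's check: the template never emits a script element, so any
// occurrence in the response came from reflected input.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('vulnerable page reflects script:', containsScriptTag(renderSearchVulnerable(craftedLink)));
console.log('hardened page reflects script:  ', containsScriptTag(renderSearchHardened(craftedLink)));
console.log(renderSearchHardened(craftedLink));
```
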

 

 

PART VI: Bit.ly - The Twitter's Choice

 



Licensees may copy, distribute, display and perform the work and make derivative works based on it only if they give the authors the credits and only for noncommercial purposes.
For on-line displays of the work and derivative works licensees must include SEO Artworks link as follows: http://www.seo-artworks.com/Twitter/twitter-study.htm.

