Twitter: The Dark Side Study
- EXECUTIVE SUMMARY
- INTRO to SOCIAL NETWORKING
- Human Society as Social Medium
- Networking at the Speed of Light
- Man I Need Coffee so Bad
- WELCOME to REAL-TIME WORLD
- The First Tweet?
- Businesses Emerge
- CLICK FRAUD - THE DARK SIDE
- URL Shortener
- Bit.ly’s Vulnerabilities
- Bit.ly – Twitter’s choice
- Tricky Analytics
- Twitter's ECO Footprint
- Are We Getting Stupider?
- Twitter Frenzy
- What Kind of Future with Twitter?
- EXPERIMENTS - Bit.ly Validity
- BOTS vs. HUMANS ratio
- BOTS vs. HUMANS by AdSense
- Insight Into Followers
- Bots Following Bots Following Bots
- Christians Following Porn Bots
- Celebrities - Bots of the Worst Kind
- Celebrity Polluters
- Obama Girl?
- Direct Messaging Value
- MILLION CLICKS - ZERO HUMANS
- CONCLUSION
- Appendices
- BOTS vs. HUMANS IPA Analysis 1
- Followers Breakdown
- BOTS vs. HUMANS IPA Analysis 2
Twitter: The Dark Side - URL Shortener
The original purpose of URL shortening services was to prevent long and cumbersome URLs from getting fragmented by broken email clients that felt the need to wrap everything to an 80-column screen. Now their use is driven by the constraints of sites like Twitter, with its 140-character limitation, and it seems Twitter gave life to many URL shorteners.
The technical specifics and vulnerabilities of URL shorteners will be examined more thoroughly in our next Study, but for now it is important to know that even those tiny little links can be misused. A Cli.gs security hole was exploited by a malicious attacker who edited most URLs on Cligs to point to a single URL hosted on freedomblogging.com. That attack affected about 2.2 million URLs.
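One way an operator could notice the kind of tampering described above (most links rewritten to one destination) is to diff two snapshots of the code-to-destination table. This is an added example, not code from the Study or from Cli.gs; the function name, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased host of a destination URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()

def detect_mass_retarget(before, after, min_changed=0.5, min_share=0.9):
    """Compare two snapshots of a shortener's code -> destination table.

    Returns None when the table looks normal, otherwise a dict describing
    the host that most rewritten links now point to.
    Thresholds are illustrative assumptions, not values from the Study.
    """
    common = before.keys() & after.keys()
    if not common:
        return None
    # Links whose destination differs between the two snapshots.
    changed = [code for code in common if before[code] != after[code]]
    if len(changed) / len(common) < min_changed:
        return None  # ordinary churn: owners editing a few of their links
    # Where did the rewritten links go? Count by host so that per-link
    # paths or query strings on one page still collapse together.
    hosts = Counter(host_of(after[code]) for code in changed)
    top_host, hits = hosts.most_common(1)[0]
    share = hits / len(changed)
    if share < min_share:
        return None  # many edits but no single sink, e.g. a bulk migration
    return {"host": top_host, "changed": len(changed),
            "total": len(common), "share": round(share, 2)}

# Constructed sample data: ten links, example.* destinations only.
BEFORE = {f"c{i}": f"http://site{i}.example/page" for i in range(10)}
# Normal day: one owner edits one link.
NORMAL = dict(BEFORE, c3="http://site3.example/new-page")
# Tampered table: eight of ten links rewritten to a single destination.
TAMPERED = dict(BEFORE, **{f"c{i}": "http://sink.example/post" for i in range(8)})
# Bulk change with no common sink: every link moves to https on its own host.
MIGRATED = {c: u.replace("http://", "https://") for c, u in BEFORE.items()}

if __name__ == "__main__":
    print("normal  :", detect_mass_retarget(BEFORE, NORMAL))
    print("migrated:", detect_mass_retarget(BEFORE, MIGRATED))
    print("tampered:", detect_mass_retarget(BEFORE, TAMPERED))
```

Run against periodic exports of the link table, a non-None result is a signal to freeze edits and restore from the earlier snapshot before more visitors are redirected.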
Bit.ly’s Vulnerabilities
Bit.ly’s team had been fast in patching vulnerabilities such as the reflected cross-site scripting flaw in the Integrated Search feature, submitted by Aviv Raff, Laurent Gaffie and Pierre Gardenat. This vulnerability could have been used by an attacker to take control of victims' Twitter accounts, as well as to create a massive Twitter worm.
Raff also highlighted XSS errors in the URL and keywords parameter and similar vulnerabilities in the username field of the Bit.ly login page and the content-type field of the URL info page. The flaws were discovered by security researchers Mike Bailey and Mario Heiderich. It took Bit.ly developers about a month to correct the errors.
"Please be careful clicking those shortened URLs." "XSS errors enable an attacker to insert malicious coding into a link that appears to be from a trustworthy source. When someone clicks on the link, the embedded programming is submitted as part of the client's Web request and can execute on the user's computer, typically allowing the attacker to steal information. When Web forms contain XSS errors, attackers alter the HTML that controls the behavior of the form," Raff wrote in his blog.
Raff has for a while been critical of Twitter and of third-party services that rely on Twitter's API to connect to the Twitter platform. He recently said that the API could be used as a springboard by attackers to create Twitter worms and spread malware to steal sensitive data from users. The Bit.ly URL shortener is an ideal place for such an attack.
If Cligs had 2.2 million links affected by one attack, we can only hope for the best with Bitly’s billions of links.
PART VI: Bit.ly - The Twitter's Choice
Licensees may copy, distribute, display and perform the work and make derivative works based on it only if they give the authors the credits and only for noncommercial purposes.
For on-line displays of the work and derivative works licensees must include SEO Artworks link as follows: http://www.seo-artworks.com/Twitter/twitter-study.htm.