OT: TinyURL
Joseph Reeves
iknowjoseph at gmail.com
Thu Jun 5 10:35:45 CEST 2008
I'm sorry, but this is a pretty ridiculous argument:
Company A releases a largely redundant service that does little more
than expose its users to a potential attack vector. In return, Company
A releases a second service to try improve the security of its first.
Why bother with either? My email client is pretty good; I'll continue
not clicking on tinyurls links.
Joseph
On 04/06/2008, Stroller <linux.luser at myrealbox.com> wrote:
>
> On 4 Jun 2008, at 18:12, Joseph Reeves wrote:
>
> > ...
> > TinyURL on the other hand... Why would anyone ever use that? I never
> > click on links unless I know where they link to. Here's a plan for
> > abuse:
> >
> > 1: Discover browser 0-day exploit
> > 2: Put up a gallery of FreeRunner pictures on a website
> > 3: Point a tinyurl at the gallery
> > 4: Wait until everyone's linked to it and is clicking it
> > 5: Change gallery to 0-day exploit
> >
> > Or even easier:
> >
> > 1: Link to goatse.
> >
> > TinyURL takes all the best practice Internet guidlines you try and
> > teach people and ruins them all. Can't stand it.
> >
>
> TinyURL itself protects you from this.
>
> All you do is go to <http://tinyurl.com/preview.php>, click on the "enable
> previews" link and it sets a cookie on your PC. Thereafter, everytime you
> click on a TinyURL link it shows you first what website the link redirects
> to, and you then have to click again to make a "manual redirection".
>
> Maybe your email client is perfect, and never has a problem with mangled
> URLs, but for the rest of us TinyURL is very useful.
>
> Stroller.
>
>
More information about the community
mailing list