[OPLIN 4cast] OPLIN 4cast #457: Shortened URLs pose a security risk

OPLIN Support support at oplin.ohio.gov
Wed Sep 30 10:31:43 EDT 2015 

 Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/> [image: OPLIN 4Cast]

OPLIN 4cast #457: Shortened URLs pose a security risk
September 30th, 2015

[image: Malware] Shortened URLs are long web addresses that are compacted
for the sake of brevity. They are very popular with users of Twitter, where
the total character limit for a tweet is only 140 characters. To make the
most of what little space there is, many Twitter uses make frequent use of
link shorteners, such as bit.ly or tinyurl.com.  One disadvantage of these
compacted addresses is that the viewer often cannot tell where the link
goes,  without actually clicking on it.  As a result, it is fairly easy for
scammers to directly link to malware, disguising the link as something far
more innocuous.  Users end up automatically downloading malicious code or
content.  Widespread use of Twitter, especially during large events (such
as sporting events or natural disasters), make Twitter a clear avenue for
cyberattacks as traffic increases. Experts have been working to try to
solve this problem.  Now, they may have.  Scientists at Cardiff University
have designed an intelligent system that can identify malicious short links
on Twitter.  The new system will be tested at the European Football
Championships next summer.

   - With cyber-security threats increasing, it's important for users to be
   aware of what they click
   <http://www.technewstoday.com/26384-cardiff-university-designs-malware-detection-system-in-twitter-inc-short-ur/>
(Tech
   News Today | Alison Peters) "The recently designed system identifies
   cyber-attacks with 98% precision within half an hour and has the ability to
   identify 83% of cyber-threats within 3 seconds respectively."
   - Scientists stop and search malware hidden in shortened URLs on Twitter
   <https://www.epsrc.ac.uk/newsevents/news/malwareinshorturls/> (Engineering
   & Physical Sciences Research Council) "The scientists collected tweets
   containing URLs during the 2015 Superbowl and cricket world cup finals,
   and monitored interactions between a website and a user's device to
   recognise the features of a malicious attack. Where changes were made to a
   user's machine such as new processes created, registry files modified or
   files tampered with, these showed a malicious attack."
   - Hunting out malware hidden in short Twitter URLs
   <http://www.financialexpress.com/article/industry/tech/hunting-out-malware-hidden-in-short-twitter-urls/141716/>
(The
   Financial Express | ANI) "Lead scientist Pete Burnap said that
   unfortunately the high volume of traffic around large scale events creates
   a perfect environment for Cyber-criminals to launch surreptitious attacks.
   It is well known that people use online social networks such as Twitter to
   find information about an event."
   - Researchers Trained an AI to Detect Malware Obscured via Twitter t.co
   Short URLs
   <http://news.softpedia.com/news/researchers-trained-an-ai-to-detect-malware-obscured-via-twitter-t-co-short-urls-492816.shtml>
(Softpedia)
   "Because cyber-criminals will provide insightful and interesting tweets
   along with their malware-infested t.co URLs, this AI could benefit
   Twitter by allowing it to weed out misbehaving and abusive bot accounts."'

*Articles from Ohio Web Library <http://ohioweblibrary.org>:*

   - Dropbox's URL shortener abused by spammers
   <http://oplin.org/auth?url=http%3A%2F%2Fsearch.ebscohost.com%2Flogin.aspx%3Fdirect%3Dtrue%26db%3Dpwh%26AN%3D2WSV3782868173%26site%3Dehost-live>.
   (*Quebec Express*. Mar 12, 2012 | Jeremy Kirk)
   - Is That Short URL Hiding Something?
   <http://oplin.org/auth?url=http%3A%2F%2Fsearch.ebscohost.com%2Flogin.aspx%3Fdirect%3Dtrue%26db%3Dsch%26AN%3D47558386%26site%3Dehost-live>
   (*Popular Mechanics*; Feb2010, Vol. 187 Issue 2, p100-102 | Seth Porges)
   - Security Fears Rising As Mobile, Social Gain
   <http://web.a.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=2e4b2505-2b7a-4612-a76b-cae8aea60a42%40sessionmgr4002&crlhashurl=login.aspx%253fdirect%253dtrue%2526db%253dbwh%2526AN%253d56684120%2526site%253dehost-live&hid=4104&vid=0&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#AN=56684120&db=bwh>
    (*Investors Business Daily*. 12/31/2010, pA04 | Donna Howell)

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://mail.oplin.org/mailman/listinfo/OPLIN4cast.

© 2015 Ohio Public Library Information Network
[image: Find us on Slideshare] <http://www.slideshare.net/oplin>  [image:
Find us on Facebook] <http://www.facebook.com/oplin.org>  [image: Find us
on Google+] <https://plus.google.com/107751358238995507967>  [image: Find
us on Twitter] <http://www.twitter.com/oplin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20150930/432b9697/attachment.html>

More information about the OPLIN4cast mailing list