Web Development Tips and Examples
The Web is a dangerous place, and is getting more dangerous as attackers develop increasingly sophisticated techniques to compromise systems.
In this article I have put together a random collection of links that contain useful penetration testing tools and resources for the Windows environment. This list is current as of August 2013, but I’m sure it will quickly change as industry adapts to the ever growing number of attacks. Continue reading “Windows Penetration Testing Links”
It can be quite a challenge to find effective software that can help you keep your PC in proper working order so in this article I will attempt to review some of the best free PC maintenance tools available as of the start of 2013.
It’s a well know fact that with use your PC’s performance will degrade if it is not properly maintained. When putting together your PC maintenance toolkit there are a number of key areas that you want to have covered. These categories include:
URL shortening services are ubiquitous nowadays, and I agree that there are many benefits to having a short link rather than a long and sometimes meaningless URL. However the fact that links to potentially dangerous sites can now easily be obfusticated makes URL shortening a very dangerous thing when put into the hands of the wrong people.
Specifically, the widespread use of URL shortening services means that users can no longer quickly eyeball links to make sure they don’t lead to malware or virus sites. In my opinion this is a major problem that gives writers of online exploits a huge advantage.
Sites that make heavy use of URL shortening services such as Twitter have tried to institute changes to how shortened links are displayed, but this is easily circumvented by spammers or even accidentally.
The problem with URL shortening is that it obscures the target address, and so can be used to redirect to an unexpected site which can contain viruses or other exploits. New URL shortening services spring up all the time, including services specifically designed by malware creators. When one of these fly-by-night shortening services is used, then the full destination URL will not be shown in on mouseover of a link. At that point the URL has been successfully hidden. This is a plus for malware creators since they rely on volume and people making careless clicks, so when their malicious links have been obscured they will expect to get more hits by unsuspecting users.
Kaspersky security reports indicate that the number of browser-based malware attacks have increased exponentially since 2007. To quote numbers from a 2010 Kaspersky article: in 2007, a total of 23,680,646 attacks were recorded against KSN users, however in 2010 it skyrocketed to 580,371,937! From events of 2011 it looks like this year the total attack numbers will make the 2010 numbers look very small by comparison.
In this article I will alternate usage of shortened URLs that link to Web-based exploits with cloaked URL and poisoned link.
Continue reading “URL Shortening is a Growing Security Risk”
Justin Cooney 