Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: TinyURL and security - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
TinyURL and security

Roseman wrote in with a pointer to a techrepublic blog that points out the well known danger to the short URL servcies and their widespread use.

The blog also pointed out:

  • TinyURL has a preview function that (once you set the cookie) allows you to see where you're being redirected before it happens. Set the cookie here:
  • has an add-on for firefox that allows you to see where the URL points to in addition to some statistics.

Those measures reduce some of the danges, but by far not every danger of users being used to click on links they receive via twitter, IM, or email. It's still far safer to go to any place you need to log in such as e.g. your bank via a bookmarked link only. Those bookmarks reduce the phishing attempts emailing you funny URLs, the typosquatters etc. Add in a properly workign certificate on the SSL version of the website and you've got some serious defense going as a user as long as you do not accept bad certificates.

Swa Frantzen -- Section 66


760 Posts
Mar 10th 2009
TinyURL has another preview mode that you don't have to do anything ahead of time to use. Just replace the URL with:

Sign Up for Free or Log In to start participating in the conversation!