A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the
weekend, sending millions of users to an unintended destination, a security researcher said today.
After Cligs, a rival to the better known TinyURL and bit.ly shortening services, was attacked Sunday, more than 2.2 million
Web addresses were redirected to Kevin Saban's blog, which appears on the Orange County Register's Web site. Noticing a dramatic upswing in traffic, Saban -- who uses Cligs
in his Twitter messages to shorten URLs -- contacted Pierre Far, the creator of Cligs.
"Quite curious," was how Graham Cluley, a senior technology consultant with security company Sophos, put it. "Our first thought
was that it was a spam campaign, that the hack would redirect [users] to a porn site perhaps, but it seems that [Saban] was
entirely innocent. Very bizarre."
Cluley's take was fueled by the assumption that the vast majority of criminal activity on the Internet is based on the profit
motive, and here there didn't seem to be one. "Maybe this was a mistake on the part of the hackers," he said. "Maybe they
just got the [shortened] URL wrong, and meant to direct users to a different site."
That site, he said, could have been a malware-infected address where exploits lay in wait, or a spam destination, since
spammers have used shortened URLs
Cligs currently doesn't register in the top five shortening services used on Twitter, according to Tweetmeme, which ranks
bit.ly and TinyURL in the No. 1 and No. 2 spots, so the hack could have been significantly worse if it had happened on one
of those services.
Cluley's point: "There was one single point of failure here," he said. "They only had to hack one thing, the Cligs service,
to affect millions of URLs."
Early yesterday, Cligs acknowledged the hack, which had exploited a vulnerability in its editing function. "I've identified the hole and disabled all cligs editing for
now and I'm restoring the URLs back to their original destination states," said Far, Cligs' creator, in a blog post. "However,
the most recent backup is from early May, and so we may have lost all URLs created since then. My daily backups with my host
were turned off for some reason, which is another story."
For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.