Security Risk of Shortened URLs and How to Expand Them

Shortened URLs are a fixture in the social networking world.  They are the cryptic URLs you normally see on your Twitter feed as well as on Facebook.

The problem lies with being able to see if the link is authentic are not.  Just by observing the link, you cannot tell and hackers are using that deficiency to their benefit.

The sensible thing is to review the shortened URLs before you access it.

With the popular “TinyURL” service, if you add “preview.” before the “tinyurl.com” portion of the URL it will show the actual link.

For example, you can change:

http://tinyurl.com/6p2b88o into http://preview.tinyurl.com/6p2b88o

It will take you to a site where you can observe the URL.  In this case, the site was trying to give away coupons, but it could have just as well been a malicious site.

You can also configure your browser to take you to the preview page whenever you click on a tinyurl.com shortcut.  If you go to http://tinyurl.com/preview.php you can set a cookie (Good One) for it to occur.

Most other URL shortened services allows you to place a “+” to preview a shortenedURL, for example:

http://bit.ly/z4m953 to http://bit.ly/z4m953+ will take you to an interview Mario Armstrong conducted at CES 2012.

They are also web-based URL expanding services available.  Here are a few we tested which allowed us to expand shortened URLs.  These services are completely free with no need to sign-up or buy anything.

Lastly, a Firefox extension called “LongURL” allows you to preview the full URL when you put your cursor over a shortened URL.  This is much more convenient than some of the manual processes since it saves a lot of time.

LongURL currently supports more than 180 known URL-shortening services and it can be retrieved as a standard Firefox add-on or as a Greasemonkey script.

If you don’t use Firefox, you can go to LongURL.org and paste any shortened URL to see the expanded URL.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


error: Content is protected !!