Tuesday, June 16, 2009

I'm terrified of Twitter Trending Topics

I am watching with great interest the activity on Twitter surrounding the current events in Iran. There are seemingly hundreds of messages per minute with the tag #iranelection flying across the interwebs as I type this.

To be sure, it's both a fascinating thing to watch events unfold in real time (along with some serious cluelessness) and a horrifying thought that there are people experiencing some really horrible things at the same time as we watch.

Of course, that really isn't my point, since there are hundreds of other blogs to analyze the actual events and how social media is changing the face of news or whatever. Use Google, go find 'em; you're in the wrong place ;-)

No, rather, as I watch this seemingly endless stream of raw data, I notice one thing most of the messages have in common. There are links to other things. Shortened links. Shortened links that, when viewed in the raw, display no indication of where they might lead.

And?

Well, since most people just follow the trending topic, they are getting random links from completely untrusted sources. Remember how you're not supposed to click on random untrusted links in e-mail? This is the same sort of thing, only I suspect people don't quite think about it: since it's not e-mail, it must be safe, right? RIGHT?

So if I'm a bad guy, I just put a link to my site featuring the latest drive-by JavaScript attack on it into a Tweet with the most popular tag in trending topics. I will instantly have thousands of eyeballs looking at that URL and maybe clicking on it. No real work involved, no real need to even go through the trouble of injecting my naughty jscript into a legit site.

That was enough to keep me from clicking on anything I saw when I was following along with today's events. Sure, I use a cool (and free, remember where you are, after all) little Firefox plugin called PowerTwitter that will go check the shortened link and translate that to the title of the page. That's somewhat helpful, but really, how hard is it to simply put a legitimate-looking title on your malware site?

Unfortunately, I don't really have anything resembling a useful recommendation besides using an aftermarket Twitter client or plugin that enumerates shortened links, along with a little bit of healthy paranoia (try to go to the site independent of the Twittered link). So if anyone else out there actually stumbles upon my humble little musings and has suggestions or tips, I'd love to hear them.