In an effort to battle Phishing attacks and other malicious messages on their service, Twitter has beefed up security measures and introduced a shortened URL, twt.tl. This new service routes all links through their own systems, and hopes to screen out the junk. Question is - will it work?
Twitter launches its own URL service as a security measure. (IMG: J.Anderson)
Last month, and for the past year really, Twitter has been slammed with malicious attacks. Some are Phishing attacks, others spread Malware, but the commonality is the same: they start with a link. According to a report from Barracuda Labs, in October 2009, 12 percent of the accounts on Twitter were eventually suspended for malicious activity or general misuse. The report noted that one in eight accounts during that time was up to no good.
“Basically, people click the link and bad things happen. My team can only detect these scams after malicious links have already been sent out,” said Del Harvey, Director of Twitter's Trust and Safety team, in a recent blog post.
To help combat this, Twitter is launching twt.tl, a new service that will see all links on Twitter routed through it. With the new URL service, Harvey noted, “…we can detect, intercept, and prevent the spread of bad links across all of Twitter. Even if a bad link is already sent out in an email notification and somebody clicks on it, we'll be able to keep that user safe.”
For now, users will note that the new service is used in email notifications and Direct Messages. However, it isn’t perfect yet. Testing by one researcher discovered that a domain that was already shortened, such as one using bit.ly, wasn’t flagged by Twitter’s twt.tl when sent in a Direct Message, but it was caught via email. The issue is being addressed, and the fix could be as simple as adding the domain to the system.
Another note, based on Tweets by Harvey, is that there is no privacy risk with the new service. Content is not being scanned when twt.tl checks links. The only problem is that, while she explained that, “I certainly wouldn't consider this a privacy threat,” Harvey’s initial post is lacking a good deal of information about the inner workings of the new system and the realistic expectations Twitter users should have.
The other question is why a URL shortening service is being used to screen malicious URLs. While an interview with Dark Reading has one security company speculating that, “…they wanted to have a URL shortener and are using security as a reason…,” there is no clear explanation for the launch of twt.tl, and that leaves room for it to be used for things outside of security.
Another hope is that the service will be migrated to the live feed, where most of the malicious links live on Twitter. Criminals often seek to hijack trending topics and create Tweets with related terms that link to Malware.
At present, the only real protection against this is to use caution when clicking links. You can also use services to check links, such as this one from F-Secure, which offers a little more protection when they appear in direct messages.