I’m finding myself using Twitter more and more in my everyday work. It’s an effective way of quickly sharing and gathering information about emerging security threats from other internet users.
But one of my concerns with the system is a side effect of its very raison d’etre. You see, Twitter was born with micro-blogging in mind – that means telling your whole story in 140 characters or less. And that forces Twitter users to shrink down any handy urls they might want to share with others from, say, https://sophosnews.files.wordpress.com/2009/02/longurl.jpggc/g/2009/02/18/neat-add-on-twitter/ to the rather more compact http://tinyurl.com/c27gqd.
What’s wrong with that, you ask? Well, sure it’s handy but security experts have spent years telling us to be really really carefully about what we click on, and warning of the harm to which careless clicking might lead.
At its most benign level you might think you’re clicking on a link to a CNN News story and actually be Rickrolled instead. But imagine you received a link which appeared innocent but actually took you site hosting hardcore porn or malware, or if you thought you were clicking on a link to your online bank but were really being taken to a phishing site.
In a nutshell, LongURL automagically converts all those TinyURL, bit.ly, snipurl and other shorthand URLs into their true expanded form when you hover the mouse – meaning you have more of a clue of where you are going to end up, before you click on the link.
What a great idea.