Bit.ly has partnered with security firms to bolt improved anti-spam and malware protection onto the URL shortening service. VeriSign’s iDefense IP reputation service will be used to screen against links that point to blacklisted sites hosting exploits, malicious code, botnet command and control servers or other nefarious …
dont they use a custom ua to request those urls?
ok so i made a page that returns the ua of the request in the title and shortened it with bit.ly
i got the title back as "bitlybot" (bitly bot is the ua that bit.ly uses) then i made it so it would "cloak" the page when bit.ly was requesting it <a href="http://bit.ly/cloakua">http://bit.ly/cloakua</a> now you get different page if bit.ly requests it rather than a regular user. this is even better if you know all bit.ly ip then you can do ip based cloaking which is even better
i know this is a simple attack but i think it demonstrates my point
Couldnt they cut out all the middle men and just let Google integrate it with their safe browsing api?
- JLaw, Kate Upton exposed in celeb nude pics hack
- Google flushes out users of old browsers by serving up CLUNKY, AGED version of search
- GCHQ protesters stick it to British spooks ... by drinking urine
- Page File Love XKCD? Love science? You'll love a book about science from Randall Munroe
- Facebook to let stalkers unearth buried posts with mobe search