Extra spam and malware security for bit.ly
Bit.ly has partnered with security firms to bolt improved anti-spam and malware protection onto the URL shortening service. VeriSign’s iDefense IP reputation service will be used to screen against links that point to blacklisted sites hosting exploits, malicious code, botnet command and control servers or other nefarious …
dont they use a custom ua to request those urls?
ok so i made a page that returns the ua of the request in the title and shortened it with bit.ly
i got the title back as "bitlybot" (bitly bot is the ua that bit.ly uses) then i made it so it would "cloak" the page when bit.ly was requesting it <a href="http://bit.ly/cloakua">http://bit.ly/cloakua</a> now you get different page if bit.ly requests it rather than a regular user. this is even better if you know all bit.ly ip then you can do ip based cloaking which is even better
i know this is a simple attack but i think it demonstrates my point
Um...
Couldnt they cut out all the middle men and just let Google integrate it with their safe browsing api?
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- The BI Inflexion Point
Information is a right, not a privilege - VPN security - if you want it, come and get it
Attention WiFi hotspotters: You want it - The Register Guide to iSCSI
A primer on Internet SCSI, a protocol to transport SCSI commands over IP - Secure Mobile Working
Beyond the Technology - The Impact of IT Security Attitudes
Putting the pieces in place for effective security delivery - The Register guide to unified communications
A primer on the implications of unified communications for enterprise IT
