Bit.ly has partnered with security firms to bolt improved anti-spam and malware protection onto the URL shortening service. VeriSign’s iDefense IP reputation service will be used to screen against links that point to blacklisted sites hosting exploits, malicious code, botnet command and control servers or other nefarious …
dont they use a custom ua to request those urls?
ok so i made a page that returns the ua of the request in the title and shortened it with bit.ly
i got the title back as "bitlybot" (bitly bot is the ua that bit.ly uses) then i made it so it would "cloak" the page when bit.ly was requesting it <a href="http://bit.ly/cloakua">http://bit.ly/cloakua</a> now you get different page if bit.ly requests it rather than a regular user. this is even better if you know all bit.ly ip then you can do ip based cloaking which is even better
i know this is a simple attack but i think it demonstrates my point
Couldnt they cut out all the middle men and just let Google integrate it with their safe browsing api?
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- It's true, the START MENU is coming BACK to Windows 8, hiss sources
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps
- Pic NASA Mars tank Curiosity rolls on old WET PATCH, sighs, sniffs for life signs
- Microsoft: Don't listen to 4chan ... especially the bit about bricking Xbox Ones