back to article Extra spam and malware security for has partnered with security firms to bolt improved anti-spam and malware protection onto the URL shortening service. VeriSign’s iDefense IP reputation service will be used to screen against links that point to blacklisted sites hosting exploits, malicious code, botnet command and control servers or other nefarious …


This topic is closed for new posts.

dont they use a custom ua to request those urls?

ok so i made a page that returns the ua of the request in the title and shortened it with

i got the title back as "bitlybot" (bitly bot is the ua that uses) then i made it so it would "cloak" the page when was requesting it <a href=""></a> now you get different page if requests it rather than a regular user. this is even better if you know all ip then you can do ip based cloaking which is even better

i know this is a simple attack but i think it demonstrates my point



Couldnt they cut out all the middle men and just let Google integrate it with their safe browsing api?

This topic is closed for new posts.


Biting the hand that feeds IT © 1998–2017