Federal Cyber Security and Short URL Vulnerabilities
Monday, January 24, 2011
Employees of the Federal Government, like many other internet users, are active participants in the many social networks.
Users in the Federal Government run the gamut from clerical employees to the President of the United States and their social networking on sites like Twitter, Facebook and linked-in increases every day.
However, this increased activity has opened the government networks to cyber and botnet attack vulnerability because of the use of short URL links.
Short URL aliases are seen as useful because they are easier to write down, remember or pass around, and are less error-prone to write. One of the largest advantages is that shortened URL's also fit where space is limited. People posting on Twitter make extensive use of shortened URLs to keep their tweets within the service-imposed 140 character limit.
The growth of Twitter and other social media sites has made URL shortening services a welcomed fact of life for many users. Unfortunately, it seems spammers have now taken notice, and are working shortened URLs into their schemes.
Short links are easier to paste or type. The trouble-and abuse-follows because users do not know where these shortened links actually lead until they click them. This is a huge opportunity for abuse. Spammers have already latched onto short URLs to evade traditional filters and infect a number of networks with malware and other malicious files.
Some experts expect to see short URL abuse invade all other forms of Internet communications. The use of shortened URL's is growing geometrically and will continue to see strong growth as social networking sites become even more active. And, According to recent reports there has been a significant increase in the amount of spam using links concealed with URL shortening services.
This threat is particularly dangerous to government networks where there are large, interrelated networks that are critical to defense and infrastructure networks. As more and more government works use Twitter and other social networks, destructive malicious activity will increase.
Though URL shortening services typically have filters in place, the filters are not foolproof. McAfee recommends using its proprietary URL shortening service-mcaf.ee. McAfee's shortened URLs are scanned and filtered to weed out malware. This does not eliminate malicious links sent to a user.
Another way to avoid malicious attacks hiding behind innocent-looking shortened URLs is using a tool like Tweetdeck that offers an option to reveal the full-length link behind the shortened URL before visiting it. In addition to a solution to the short URL problem, Tweetdeck also offers management tools for more efficient social networking.
Comments
Post a Comment