<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0, 0); font-size: 10px;">
<div style="">It's worth noting that noscript alone does not protect you against all attacks. A lot of attacks hidden behind URL shortners are of the phishing variety, and will collect information directly and without relying on scripts.<br>
<br>
RequestPolicy ( http://www.requestpolicy.com/ ) does a good job of protecting against request forgeries. I use it in combination with NoScript, AdBlock, and WebOfTrust to form a nice secure base. I am also experimenting with Interclue, though at the moment,
this one seems to not be worth the pain.<br>
</div>
<div><br>
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Tahoma; font-size: 13px;"><font style="font-family: Courier New;" color="#888888" size="1">-Josh More, CISSP, GIAC-GSLC, GIAC-GCIH, RHCE, NCLP<br>
<a href="mailto:morej@alliancetechnologies.net" target="_blank"><span class="il">morej@alliancetechnologies.net</span></a>
<br>
515-245-7701 </font>
<div style="font-family: Tahoma; font-size: 13px;"></div>
</div>
</div>
</div>
</div>
<div style="font-family: Times New Roman; color: rgb(0, 0, 0); font-size: 16px;">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF648521"><font color="#000000" size="2" face="Tahoma"><b>From:</b> cialug-bounces@cialug.org [cialug-bounces@cialug.org] on behalf of Scott Prader [sprader@iastate.edu]<br>
<b>Sent:</b> Friday, July 16, 2010 18:23<br>
<b>To:</b> Central Iowa Linux Users Group<br>
<b>Subject:</b> Re: [Cialug] TinyURL<br>
</font><br>
</div>
<div></div>
<div>It does not. The point of noscript being that, if you follow a tinyurl and you're not sure where it's going, the noscript will catch it if it's a clickjack or something that would otherwise lead to a headache of an afternoon.<br>
<br>
-Scott<br>
<br>
<div class="gmail_quote">On Fri, Jul 16, 2010 at 9:57 AM, <span dir="ltr"><<a href="mailto:j.bengtson@mchsi.com" target="_blank">j.bengtson@mchsi.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div>Yeah, got it, use it...does it have a URL shortening feature that I'm not aware of?
<div class="im"><br>
<br>
----- Original Message -----<br>
From: Scott Prader <br>
To: Central Iowa Linux Users Group <br>
</div>
<div>
<div></div>
<div class="h5">Sent: Thu, 15 Jul 2010 17:09:15 -0500 (CDT)<br>
Subject: Re: [Cialug] TinyURL<br>
<br>
One word: noscript.<br>
<br>
<a href="http://noscript.net" target="_blank">http://noscript.net</a><br>
<br>
-Scott<br>
<br>
<div class="gmail_quote">On Thu, Jul 15, 2010 at 3:09 PM, <span dir="ltr"><<a href="mailto:j.bengtson@mchsi.com" target="_blank">j.bengtson@mchsi.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div>You would want it to be reversible...the intent isn't to secure the URL, it's to shorten the URL. You would want anyone to be able to "de-shorten" the URL to compare it against blacklists, etc. And of course you want the browser to be able to de-shorten
it.<br>
<br>
The problem with the URL shortener is that it has to be something that anyone can use to decode any URL, anywhere. Requiring access to a database prevents that.<br>
<br>
How about something like Base64, but which converts the string into a 12-character encoded string? For example, take the URL<br>
<a href="http://www.ameslug.org/node/1" target="_blank">http://www.ameslug.org/node/1</a><br>
<br>
Using Base64 you get "aHR0cDovL3d3dy5hbWVzbHVnLm9yZy9ub2RlLzE=", which is not an improvement. But if you got instead "aHR0cDovL3d3", that would be much more manageable (if only it would decode back to the original URL string).
<div><br>
<br>
----- Original Message -----<br>
From: Josh More <br>
To: Central Iowa Linux Users Group <br>
</div>
<div>
<div></div>
<div>Sent: Thu, 15 Jul 2010 14:42:43 -0500 (CDT)<br>
Subject: Re: [Cialug] TinyURL<br>
<br>
<div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0, 0); font-size: 10px;">
<div>Making proper hashing algorithms is actually really hard to do. You have to worry about collisions and reversing (in most cases).<br>
<br>
<br>
For URL shorteners, it's often more efficient to implement an incrementer and just keep a database around.<br>
</div>
<div><br>
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Tahoma; font-size: 13px;">
<div style="font-family: Tahoma; font-size: 13px;"><font style="font-family: Courier New;" color="#888888" size="1">-Josh More, CISSP, GIAC-GSLC, GIAC-GCIH, RHCE, NCLP<br>
<a href="mailto:morej@alliancetechnologies.net" target="_blank"><span>morej@alliancetechnologies.net</span></a><br>
<br>
515-245-7701 </font>
<div style="font-family: Tahoma; font-size: 13px;"></div>
</div>
</div>
</div>
</div>
<div style="font-family: Times New Roman; color: rgb(0, 0, 0); font-size: 16px;">
<hr>
<div style="direction: ltr;"><span style="font-family: Tahoma;"><b>From:</b><a href="mailto:cialug-bounces@cialug.org" target="_blank">cialug-bounces@cialug.org</a> [<a href="mailto:cialug-bounces@cialug.org" target="_blank">cialug-bounces@cialug.org</a>] on
behalf of <a href="mailto:j.bengtson@mchsi.com" target="_blank">j.bengtson@mchsi.com</a> [<a href="mailto:j.bengtson@mchsi.com" target="_blank">j.bengtson@mchsi.com</a>]<br>
<b>Sent:</b> Thursday, July 15, 2010 14:41<br>
<b>To:</b> Central Iowa Linux Users Group<br>
<b>Subject:</b> Re: [Cialug] TinyURL<br>
</span><br>
</div>
<div></div>
<div>I wonder why no one has made a way to take any URL and automatically shorten it. Consider an MD5 hash...you can take virtually any text, no matter how long, and the MD5 algorithm will return a 32-digit hex number. How hard is it to make something similar,<br>
<br>
<br>
that can take a URL of any length and return an 8-character string that can then be decoded back to the original URL? Make that algorithm public open-source, and you've got a tinyURL mechanism that isn't dependent upon any vendor, can be checked against a<br>
<br>
<br>
blacklist, and yet is short enough for mere humans to handle.<br>
<br>
<br>
----- Original Message -----<br>
<br>
From: Adam Shannon <br>
<br>
To: Central Iowa Linux Users Group <br>
<br>
Sent: Fri, 18 Jun 2010 22:54:01 -0500 (CDT)<br>
<br>
Subject: Re: [Cialug] TinyURL<br>
<br>
<br>
Having a service (or services) to shorten a url that breaks in use<br>
<br>
(email, webpages...) is perfectly fine, but that service should only<br>
<br>
be giving the user the actual link, not directing them to the link<br>
<br>
they wanted.<br>
<br>
<br>
What happens when that short link provider goes out of business or is<br>
<br>
hacked, then I lose the ability to control where I will end up<br>
<br>
(negating anything on the link I'm trying to reach does) because I<br>
<br>
can't see where I'm going. If the service is hacked and spreads<br>
<br>
malware than anyone with javascript or cookies allowed on that domain<br>
<br>
will be infected or tracked.<br>
<br>
<br>
In my view, short url providers should only be presenting a page for<br>
<br>
the user as to what the short link represents, the short link is not<br>
<br>
the same link and therefore shouldn't act the same. It's a<br>
<br>
representation for another url.<br>
<br>
<br>
Thoughts?<br>
<br>
<br>
On Fri, Jun 18, 2010 at 17:26, Scott Prader wrote:<br>
<br>
> Sometimes a URL that takes up multiple lines can get cut off with a carriage<br>
<br>
> return inserted by some program, at some point. When I see a link, I like<br>
<br>
> to think that I can click on it and not get a 404. TinyURL fixed this.<br>
<br>
> What they don't do is auto-forward a 404 to <a href="http://archive.org" target="_blank">
archive.org</a>, which tends to<br>
<br>
> cover what a downed URL can't, whether it's complete or not.<br>
<br>
<br>
<br>
><br>
<br>
> -Scott<br>
<br>
><br>
<br>
> On Fri, Jun 18, 2010 at 4:58 PM, Barry Von Ahsen wrote:<br>
<br>
>><br>
<br>
>> 7 ff addons tagged 'unshort url', probably more under other tags<br>
<br>
>><br>
<br>
>> <a href="https://addons.mozilla.org/en-US/firefox/tag/unshort%20url" target="_blank">
https://addons.mozilla.org/en-US/firefox/tag/unshort%20url</a><br>
<br>
>><br>
<br>
>> -barry<br>
<br>
>><br>
<br>
<br>
<br>
>><br>
<br>
>><br>
<br>
>> Nathan C. Smith wrote:<br>
<br>
>> > Seems to me there could be a whole industry for a technology for<br>
<br>
>> > converting the various short-URLs back to long ones, particularly if the<br>
<br>
>> > tools and technology provide a means to mitigate potential risks.<br>
<br>
>> ><br>
<br>
>> > Don't <a href="http://bit.ly" target="_blank">bit.ly</a> and others use a hash that stays the same for each<br>
<br>
>> > shortening of a reference? So that if you shorten <a href="http://cialug.org" target="_blank">
cialug.org</a> and send it to<br>
<br>
>> > me I will get the same shortened url if I do it?<br>
<br>
<br>
>> ><br>
<br>
>> > -Nate<br>
<br>
>> ><br>
<br>
>> >> -----Original Message-----<br>
<br>
>> >> From: <a href="mailto:cialug-bounces@cialug.org" target="_blank">cialug-bounces@cialug.org</a><br>
<br>
<br>
>> >> [mailto:<a href="mailto:cialug-bounces@cialug.org" target="_blank">cialug-bounces@cialug.org</a>] On Behalf Of Ed Meacham (@work)<br>
<br>
>> >> Sent: Friday, June 18, 2010 3:12 PM<br>
<br>
>> >> To: 'Central Iowa Linux Users Group'<br>
<br>
>> >> Subject: Re: [Cialug] TinyURL<br>
<br>
>> >><br>
<br>
>> >> I love the idea of URL shortening services. Though, they<br>
<br>
>> >> definitely have instances where the use of one is more<br>
<br>
>> >> appropriate than others... I don't see the need to shorten a<br>
<br>
>> >> URL in an email, unless you're spreading "infectious-love."<br>
<br>
>> >><br>
<br>
>> >> Rather than write off TinyURL/Bit.ly, I would blame improper<br>
<br>
>> >> organization and/or the sender not qualifying the details of<br>
<br>
>> >> the URL in the message.<br>
<br>
>> >><br>
<br>
>> >> I see there is a plug-in for Thunderbird for converting a URL<br>
<br>
>> >> into a TinyURL... wonder if it has a reversal option? (I<br>
<br>
>> >> don't have Thunderbird installed on this machine to check) If<br>
<br>
>> >> not, a lookup plug-in might be a good project for someone. :P<br>
<br>
>> >><br>
<br>
>> >> -emeacham (@work)<br>
<br>
>> >><br>
<br>
>> >> -----Original Message-----<br>
<br>
>> >> From: <a href="mailto:cialug-bounces@cialug.org" target="_blank">cialug-bounces@cialug.org</a><br>
<br>
>> >> [mailto:<a href="mailto:cialug-bounces@cialug.org" target="_blank">cialug-bounces@cialug.org</a>] On Behalf Of Todd Walton<br>
<br>
>> >> Sent: Friday, June 18, 2010 6:27 AM<br>
<br>
>> >> To: Central Iowa Linux Users Group<br>
<br>
>> >> Subject: [Cialug] TinyURL<br>
<br>
>> >><br>
<br>
>> >> And another reason I hate this tinyurl thing... I know<br>
<br>
>><br>
<br>
>><br>
<br>
>> _______________________________________________<br>
<br>
>> Cialug mailing list<br>
<br>
>> <a href="mailto:Cialug@cialug.org" target="_blank">Cialug@cialug.org</a><br>
<br>
>> <a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
<br>
><br>
<br>
><br>
<br>
> _______________________________________________<br>
<br>
> Cialug mailing list<br>
<br>
> <a href="mailto:Cialug@cialug.org" target="_blank">Cialug@cialug.org</a><br>
<br>
> <a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
<br>
><br>
<br>
><br>
<br>
<br>
<br>
<br>
-- <br>
<br>
Adam Shannon<br>
<br>
Web Developer<br>
<br>
<a href="http://ashannon.us" target="_blank">http://ashannon.us</a><br>
<br>
_______________________________________________<br>
<br>
<br>
<br>
Cialug mailing list<br>
<br>
<a href="mailto:Cialug@cialug.org" target="_blank">Cialug@cialug.org</a><br>
<br>
<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
<br>
</div>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
<br>
Cialug mailing list<br>
<a href="mailto:Cialug@cialug.org" target="_blank">Cialug@cialug.org</a><br>
<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
<br>
</blockquote>
</div>
<br>
<br>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Cialug mailing list<br>
<a href="mailto:Cialug@cialug.org" target="_blank">Cialug@cialug.org</a><br>
<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</body>
</html>