Esser is the researcher who developed the Antid0te ASLR utility for jailbroken iPhones. If he helps to protect jailbroken iPhones, why would he want to infect me?

If I didn’t deal with malware on a regular basis, I might not be paranoid about URL shorteners. I know that adding a “+” to the end of these types of shortened URLs will take me to the stats page where I can see the total number of clicks (in this case, just over 150, 15 minutes after the tweet) and the original URL. The page appears to be hosted on his Antid0te site, so it must not be all bad. Time to grab the page source with wget to see what we can find:

If he’s hiding some nasty JavaScript at 157 bytes, it must be pretty compact. Looking at the HTML source file it appears there’s no scripting at all, just a bunch of text within standard heading tags. In fact it contains only the following:

Shortly after the first tweet, he followed up with:

Taking another look at the bit.ly stats page nearly 24 hours later, the total click count has exceeded 2,700. And more than 100 retweets. That’s a lot of people who got sucked into this prank.

In this case it turns out Stefan is just trying to warn us, if a bit harshly, about carelessly clicking on links. Keep in mind that occasionally our friends’ accounts get hacked–it benefits all of us to be a bit paranoid of shortened URLs.

 In a blog post by Linda Criddle, online safety expert and founder of LOOKBOTHWAYS, Inc. says, “If you received an email, or saw a posting saying ‘hey, check out these cool cartoons’ and saw the URL you were directed to click on was http://let-me-give-you-a-nasty-virus, you wouldn’t click on it. However, if the URL was shortened to look like http://bit.ly.12xtdf, you might not take the same care – even though it takes you to the exact same malicious site.”

It is really critical to slow down and pay attention while surfing the interwebs. Here are a few things that I do to make sure I click carefully:

1.       In email, check who the email is from and make sure you know who it is or that it is from a source that you have subscribed to.

2.       Hover you mouse over the link imbedded in the email, the actual address shows up on the lower left hand corner of your browser window.

3.       In social networks, only click on links that show a preview of the link. (Twitter will show a preview if you hover over it, facebook shows a photo preview next to the link…)

4.       Never click on links to banks and credit card companies. Criminals work very hard to make phony sites look just like the site you are used to visiting. Keep yourself safe by manually typing in the address or using your bookmarks.

If you want to shorten a link and make sure you protect your friends, why not use McAfee url shortening service, www.mcaf.ee? That way your friends can take one look and know it is safe to click on that shortened url.

Stay safe out there!

Tracy

@McAfeeCyberMom on Twitter

Tip 1 – Think before you tweet – actually this is the case with all cyber communications, you should always think long and hard about what you are communicating before sending. Once you hit enter, it’s out there for all to see – FOREVER! And can be re-tweeted to even more people and so on and on and on.  So take a moment before you hit enter – is it really something you want to share with the whole world?

Tip 2 – Don’t give too much away – be aware of the type of information you are providing. Are you displaying your name, where you work, what your birthday is, where you live? Anyone could see your tweets and it’s so easy for cyber criminals or predators to build a profile of you over time from what you think is harmless information.

Tip 3 – Think before you click – yep there it is again – think!! Be careful when clicking on shortened URLs. If it has been tweeted by someone you don’t really know or trust it might be wise not to click on links. Also be wary of strange tweets from friends that don’t make sense – their account may have been compromised and links may lead to trouble. Remember, if in doubt – don’t click!

Tip 4 – Don’t be too trusting – While Twitter can be a great networking medium, do you really know if the people you are networking with are who they say they are.  You only have to listen to the news to know that this is not always the case! You should also never agree to meet up someone that you have met online.

Really it’s all about common sense, so be aware and enjoy your time in the Twittersphere.

Would love to hear about your experiences using Twitter or if you have any questions on cyber security for your family, drop me a note at:

Cybermum@mcafee.com
www.mcafee.com/mumblog

Stay safe in cyber space,

Moira