Sometimes you can’t trust every link on your Twitter timeline. Yesterday, security researcher Stefan Esser tweeted the following:
Esser is the researcher who developed the Antid0te ASLR utility for jailbroken iPhones. If he helps to protect jailbroken iPhones, why would he want to infect me?
If I didn’t deal with malware on a regular basis, I might not be paranoid about URL shorteners. I know that adding a “+” to the end of these types of shortened URLs will take me to the stats page where I can see the total number of clicks (in this case, just over 150, 15 minutes after the tweet) and the original URL. The page appears to be hosted on his Antid0te site, so it must not be all bad. Time to grab the page source with wget to see what we can find:
Shortly after the first tweet, he followed up with:
Nearly 24 hours later, the bit.ly stats page shows that the total click count has exceeded 2,700, along with more than 100 retweets. That’s a lot of people who got sucked into this prank.
In this case, it turns out Stefan is just trying to warn us, if a bit harshly, about carelessly clicking on links. Keep in mind that occasionally our friends’ accounts get hacked; it benefits all of us to be a bit paranoid about shortened URLs.
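The two checks described above (the “+” stats page and looking at where a short link points without opening it in a browser) can be scripted. This is an added Python example, not code from the original post. The `short.example` and `landing.example` hosts and the canned responses are constructed, and the “+” suffix is the bit.ly convention the post mentions.

```python
import http.client
from urllib.parse import urljoin, urlsplit
REDIRECTS = (301, 302, 303, 307, 308)

def stats_url(short_url):
    """bit.ly-style stats page: the short URL with '+' appended."""
    parts = urlsplit(short_url)
    if parts.scheme not in ("http", "https") or parts.path in ("", "/"):
        raise ValueError("not a short link: %r" % short_url)
    return "%s://%s%s+" % (parts.scheme, parts.netloc, parts.path.rstrip("+"))

def redirect_target(status, headers, base_url):
    """Absolute redirect destination, or None when the response is not a redirect."""
    if status in REDIRECTS:
        for name, value in headers:
            if name.lower() == "location":
                return urljoin(base_url, value.strip())
    return None

def head(url, timeout=10):
    """One HEAD request; http.client does not follow redirects by itself."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheaders()
    finally:
        conn.close()

def trace(url, fetch=head, max_hops=5):
    """Every URL in the redirect chain; stops at a non-redirect, a loop or max_hops."""
    chain = [url]
    while len(chain) <= max_hops:
        status, headers = fetch(chain[-1])
        nxt = redirect_target(status, headers, chain[-1])
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
    return chain

# Constructed responses standing in for a shortener and its target (not from the post).
FAKE = {
    "http://short.example/abc123": (301, [("Location", "http://landing.example/page.html")]),
    "http://landing.example/page.html": (200, [("Content-Type", "text/html")]),
}

if __name__ == "__main__":
    print(stats_url("http://short.example/abc123"), trace("http://short.example/abc123", fetch=FAKE.__getitem__))
```

Calling `trace(url)` without the `fetch` argument sends real HEAD requests, so only headers are retrieved and no page content is rendered.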