[Owasp-bahrain] Twitter shields up with an extra layer of Security

Hussein Nasser hus.mhd at gmail.com
Sun Dec 2 10:44:57 UTC 2012


With their t.co domain, any URL posted on Twitter is shielded by
this domain. Basically, the shortened t.co link redirects to the original
URL, giving the Twitter folks a door through which to process the link.

This way Twitter can track and run security checks on all links on Twitter.
In case of any malicious links, Twitter can easily delete the reference and
protect Twitter users.

Of course this created extra work for 3rd
party<http://hnaser.blogspot.com/2010/06/rettiwt-v10-for-google-chrome.html>
Twitter clients, and for URL-shortening services like
twitlonger<http://www.twitlonger.com/index.php/main_new>
in particular. Clients now have to unpack the t.co link to get the original
URL before processing links.

As I wrote in a previous post, added security decreases
performance<http://hnaser.blogspot.com/2009/04/flexibility-stability-compromise-simple.html>
most of the time.
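
The unpacking step a third-party client has to perform, as an added example that is not part of the original post: it follows a t.co link hop by hop with a hop limit, loop detection and an http/https allow-list. The redirect table, `sample_fetch` and every URL in it are constructed placeholders standing in for real HTTP requests.

```python
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed redirect table standing in for HTTP Location headers (not real links).
SAMPLE_REDIRECTS = {
    "https://t.co/AbC123": "http://short.example/x9",
    "http://short.example/x9": "https://blog.example/post?id=7",
    "https://t.co/LoopA": "https://t.co/LoopB",
    "https://t.co/LoopB": "https://t.co/LoopA",
    "https://t.co/F1": "file:///tmp/constructed",
}


class UnwrapError(Exception):
    """Raised when a wrapped link cannot be unpacked safely."""


def sample_fetch(url):
    """Hypothetical transport: return the Location header for url, or None."""
    return SAMPLE_REDIRECTS.get(url)


def unwrap(url, fetch_location=sample_fetch, max_hops=5):
    """Follow redirects from a wrapped link; return (final_url, chain)."""
    chain, seen = [url], {url}
    while True:
        parts = urlsplit(url)
        # Refuse anything that is not a plain web URL before touching it.
        if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
            raise UnwrapError(f"refusing non-web target: {url}")
        location = fetch_location(url)
        if location is None:          # no further redirect: original URL reached
            return url, chain
        if len(chain) - 1 >= max_hops:
            raise UnwrapError(f"more than {max_hops} redirects")
        url = urljoin(url, location)  # Location may be relative
        if url in seen:
            raise UnwrapError(f"redirect loop at {url}")
        seen.add(url)
        chain.append(url)


if __name__ == "__main__":
    print(unwrap("https://t.co/AbC123"))
```

In a real client `fetch_location` would issue a request without following redirects automatically, so each hop can be checked before the next one is contacted.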