Free security product vets Twitter links
- 23 June, 2009 22:24
- Comments 1
As Twitter becomes increasingly abused by hackers, Finjan Software released on Tuesday a free browser add-on with a new feature that scans links and warns if they point to a page containing malware.
The SecureTwitter component is wrapped into SecureBrowsing, a plug-in for either the Firefox or Internet Explorer browsers, said Yuval Ben-Itzhak, Finjan's CTO.
SecureTwitter is designed to warn people about links that people post on the micro-blogging service. Because of Twitter's 140-character limit, most of the URLs (Uniform Resource Locators) posted have been shortened using services such as Bit.ly or TinyURL.
Those services completely obscure the true destination of the link, which is dangerous since users have no idea that they could be directed straight to a site that will look for software vulnerabilities in order to infect the PC with malware.
Even if a URL isn't shortened, it's nearly impossible to tell if a site may host malware since many legitimate sites have been hacked, too.
"The hacker is taking advantage that their content is now being served by legitimate sites, and there's high traffic on these sites today," Ben-Itzhak said. "This is how they distribute their malicious code."
SecureBrowsing shows either a green check next to a link indicating that the target Web site is fine or a red "X" if it's bad. SecureBrowsing may also show a question mark if the site can't be scanned.
Upon visiting Twitter, users will see a rotating circle as Finjan is scanning the URLs. The links are sent to Finjan's data center, which performs the scan and reports back within a couple of seconds. A pop-up window contains a link that will take a user to Finjan's site for an explanation of why the site has been flagged as bad.
SecureBrowsing will also scan links in other Web-based services and social networking sites such as Bebo, Digg, Slashdot, MySpace, Gmail and for Google and Yahoo searches.
Finjan has made SecureBrowsing free for consumers since it sells an enterprise appliance under the Vital Security brand that will scan Web links, monitor Web traffic and control bandwidth usage, among other functions.
A couple of other vendors have products similar to SecureBrowsing. AVG has a free product called LinkScanner, and McAfee has one called SiteAdvisor, both of which are intended to give users more information about the safety of the sites they're considering browsing. Neither LinkScanner nor SiteAdvisor scan Twitter links.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
- Optimising your Infrastructure for Cloud Computing - Best practices for managing a cloud IT environment
- Printer Usage and Cost Management Strategies for the Australian Mid-market, an Unrealised Opportunity
- USABILITY AS AN ERP SELECTION CRITERIA
- Geek Out Best Practices
- Build Archiving Systems to Meet Compliance Demands
-
The 30 best Safari extensions -- so far
-
Apple and Google disagree over licensing of essential patents
-
Monash Uni reduces IT teams after consolidation project
-
FTC warns makers of background checking apps
-
QLD govt demands answers after pay glitch
-
ALM Buyers Guide: A Practical Guide to Choosing the Right Agile Tools for your Team
This buyer's guide describes the key criteria for application lifecycle management (ALM) solutions for today's high-performance teams. It includes key considerations for enhancing your single- or multi-vendor ALM environment. -
Miercom Report - Plug and Play Switches
Avaya engaged Miercom to evaluate the plug and play features and ease of configuration of the ERS 4548GT- PWR Edge Switch. The energy efficiency of the ERS was compared to similar switches and is discussed in this report as well. Read on. -
The Pathways ICT Leadership Development Program Brochure and Curriculum 2012
Developed by the CIO executive Council, Pathways is a unique, flexible, self-managed, self-paced 12-month CIO designed and delivered professional development program that brings together best practices, thought leadership and business insights for today’s most promising ICT professionals.
-
Beginning JavaScript and CSS Development with Jquery
-
Sun SDK, Sun One, Textpad Compiler CD 2003/2004
-
Soa Modeling Patterns for Service-oriented Discovery and Analysis
-
Software Engineerng Standards
-
InDesign Cs4 for Dummies
-
The Cissp Prep Guide
-
Computer Security Handbook, Fifth Edition Set
-
Myspace for Dummies, 2nd Edition
-
Expert One-on-one J2EE Design and Development
Get exclusive access to Invitation only events CIO, reports & analysis. 
Comments
Lloyd Borrett
AVG Protects Twitter Users
AVG LinkScanner (<a href="http://www.avgfree.com.au">www.avgfree.com.au</a>) is a free security tool from AVG that scans the pages behind ALL the links you click on, or type into your browser address bar, including Twitter links. It tells you in real-time whether the web page you're trying to view contains malicious code. This is important because criminals often leave bad URLs live for just a few hours or days, then switch pages so as to stay one step ahead of blacklists.
As reported here, it seems SecureTwitter from Finjan Software might be making the same mistake made by AVG when it first released AVG LinkScanner. If Finjan software is scanning all Twitter links that come up in the browser to give its safety verdicts, not just those links clicked on, then it will wreck web administrator analytics and put unnecessary load on web servers and users Internet usage.
If SecureTwitter is simply phoning home to get live results from a blacklist, then it is simply not proving real-time protection.
The only time that matters when you really need to be protected is when you click on a link to load the web page. That's why AVG LinkScanner checks the page you try to view in real-time.
Post new comment