[143706] in North American Network Operators' Group


Re: How long is your rack?

daemon@ATHENA.MIT.EDU (Steven Bellovin)
Mon Aug 15 11:32:26 2011

From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <m2zkjadare.wl%randy@psg.com>
Date: Mon, 15 Aug 2011 11:31:36 -0400
To: Randy Bush <randy@psg.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Aug 15, 2011, at 10:12 21AM, Randy Bush wrote:

>> I've always wondered if the next cisco/juniper 0 day will be delivered
>> via a set of exploits delivered via a link posted to NANOG. :) Maybe
>> I'll do a talk at DEFCON next year about that.
>
> more likely a 'shortened' url.  how anyone can click those is beyond me.
>
I'm curious what your objection is.

Mine is privacy -- the owner of the shortening site gets to see every place
you visit using one of those.  I don't think there's a significant incremental
security risk, because the URL you click on doesn't tell you what you'll
receive in any event.  Case in point: https://www.cs.columbia.edu/~smb/SMBlog-in-PDF.pdf
does *not* yield a PDF.  (As far as I know, it's a completely safe URL to
click on, but I can't guarantee that someone else didn't hack my site.  I, at
least, haven't put any nasties there.)

Yes, when you avoid shortened URLs you get some assurance of the owner of
the content.  Given the rate of hacking -- is anyone really safe from a
determined amateur attack, let alone state-sponsored nastiness? -- and
given the amount of third-party content served up by virtually all ad-containing
sites, you really have no idea what you're going to receive when you click
on any link.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb






