Home » News Stories » A Short Lesson in URL Hacking

News Stories

Job Search


Back to News »

A Short Lesson in URL Hacking

Share this:
digg it  | kickit | Email it | | reddit | liveIt
Subscribe to IrishDev News RSS Add to Google
DateTuesday, June 16, 2009

A Short Lesson in URL Hacking

Security Firm Sophos Report on How A Blogger  Gets Over 2.2million Hits After Popular URL Shortening Service is Hacked



Kevin Sablan received over 2.2million hits to his website as URL shortening service Cligs is hackedExperts at IT security and control firm Sophos are advising computer users to be wary of shortened URLs like TinyURL, and as they have increasingly become part of many computer users' everyday lives with the surge in popularity of micro-blogging websites like Twitter.




The warning follows news that Cligs, recently ranked as the fourth most popular URL shortening service on Twitter, has been hacked and on Sunday was redirecting millions of links to a story about Twitter hashtags by blogger Kevin Sablan (pictured above) of the Orange County Register.



Sablan noticed the unexpected rise in traffic on Monday morning and has subsequently blogged about the experience of having 2.2 million links temporarily pointing to his blog post. A statement on the Cligs website suggests that a security vulnerability in its edit functionality allowed a malicious hacker to change the destination of millions of shortened URLs. The company also admitted that it hasn't been getting daily backups since early May.



Graham Cluley, senior technology consultant at Sophos said, "While Cligs is nowhere near as popular as the likes of TinyURL, it is still used by a substantial number of people, so you can imagine the disruption that can be caused if links no longer go where they are supposed to. These services are becoming indispensable with more and more people using Twitter and needing to make their point in 140 characters or less, and this is not the first time we have seen spammers and hackers abusing these systems.

"While it's not clear what the intentions of the fraudsters were in this case, they could have easily redirected millions of shortened URLS to a website hosting malware," Cluley continued.



While these services should be making their systems as secure as possible, similar incidents are likely to happen again.  and so it's important that computer users don't automatically trust links on websites like Twitter. Sophos recommends users consider running a plug-in that will expand links before clicking on them.




People reading this article also read....

More Sophos News on


More Virus News on


More Security News on


More Twitter News on


Renaissance - Sophos Distributor in Ireland


See Web Scalability Feature Friday Article on




Get Instant Updates....

Join on Facebook and Twitter




Got a Story – Share it with the Irish Software Community – Email us at

Back to News »
digg it  | kickit | Email it | | reddit | liveIt | RSS