Tech Support Forum - View Single Post

**Glaswegian** · 06-18-2009, 12:52 PM

The Cli.gs URL-shortening service yesterday reported that an attacker managed break in via a software security hole and take over 2.2 million URL links.

The Cli.gs service works like TinyURL to convert a long URL into a short link that is easier to use in e-mails, IMs and other messages. And lucky for Cli.gs users, this attack doesn't appear to have been intended to infect hapless surfers.

According to security company Sophos, the hacked links took visitors to an Orange County Register blog posting on Twitter hashtags. Anti-virus maker Kaspersky confirmed there was "No malicious code has been found on that particular page," and suggests the hacker meant to show the site was vulnerable to attack but not harm PCs.

According to the Cli.gs post, cligs editing is currently disabled to prevent further hijacks using the same security hole, and the site is in the process of restoring links from a backup. However, the latest backup is from May, so links created since then may have been lost, per the post.

Cli.gs, TinyURL and URL-shortening services in general are pulling in plenty of hacker attention. While this particular break-in doesn't appear to be malicious, crooks have used such services to obfuscate phishing links and other attacks.

http://www.techworld.com/security/ne...&NewsID=117599

06-18-2009, 12:52 PM	#1 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,512 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	URL shortening service has links hacked The Cli.gs URL-shortening service yesterday reported that an attacker managed break in via a software security hole and take over 2.2 million URL links. The Cli.gs service works like TinyURL to convert a long URL into a short link that is easier to use in e-mails, IMs and other messages. And lucky for Cli.gs users, this attack doesn't appear to have been intended to infect hapless surfers. According to security company Sophos, the hacked links took visitors to an Orange County Register blog posting on Twitter hashtags. Anti-virus maker Kaspersky confirmed there was "No malicious code has been found on that particular page," and suggests the hacker meant to show the site was vulnerable to attack but not harm PCs. According to the Cli.gs post, cligs editing is currently disabled to prevent further hijacks using the same security hole, and the site is in the process of restoring links from a backup. However, the latest backup is from May, so links created since then may have been lost, per the post. Cli.gs, TinyURL and URL-shortening services in general are pulling in plenty of hacker attention. While this particular break-in doesn't appear to be malicious, crooks have used such services to obfuscate phishing links and other attacks. http://www.techworld.com/security/ne...&NewsID=117599 __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner