The title might sound a bit harsh, but with all these “good” people trying to protect you, where is the line between protection and censorship?
Byron Acohido (@byronacohido) just posted this tweet
I personally hate these short URLs, but I thought this sounds interesting. The reason I hate these short URLs is that you don’t know where they take you (this one takes you from bit.ly/1eUu9e2 to t.co/yzm89jFvxS). In this case it leads you to this:
Wow… That’s what I preach almost daily… Watch out what you click on!!! And now I have to be saved by Twitter??? Let’s have a look what this page really is all about:
Now I don’t care too much about whether TouchID has been hacked yet, but this almost crosses the line for me where Twitter’s security team has been a bit too “motivated” to block content that is definitely not malicious.
What’s next? What other pages will be blocked in the name of security?
A very valid question that comes up all the time is “how do people get infected with malware?” or “how do people lose personal information?” and there are so many ways that people are blown away by some of the examples I show them.
Today I came across a nice one again… malicious ads, or search engine poisoning… I used Coinbase for some bitcoin activities and I wanted to transfer some bitcoins. So I typed “bitcoin” into Google and this is what came up:
So far so good and everything looks great. I now just click on the first link, as this is an ad that someone pays Google money for, and Google, not being evil, must mean that this is good, right? Wrong.
All visual signs suggest that this is legitimate and the URL goes to google.com, but that should be ok as well, right? A look at the source reveals that this goes to Google before it goes from one URL shortener to another URL shortener and then to the final destination!
After the first URL shortener, we’ll see this!
Luckily it was already known that this site is up to no good, as this server held a number of “nice” phishing pages designed to steal your bitcoin wallet information. With the current price of over 120 USD for one bitcoin, that could be a very lucrative business.
Some examples are:
Approximately 1h after notifying Google, the malicious ad was gone, but please make sure you double-check what you click on.
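The redirect chain described above (Google first, then one URL shortener, then another, then the final destination) can be resolved hop by hop before anything is opened in a browser. The following is an added example, not code from the original post: the shortener list holds only the two hosts named on this page, and every URL in `SAMPLE` is a constructed placeholder.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

SHORTENERS = {"bit.ly", "t.co"}  # the two shortener hosts named on this page
# Constructed redirect table standing in for the network; every path is a placeholder.
SAMPLE = {
    "https://www.google.com/PLACEHOLDER-AD-CLICK": (302, "https://bit.ly/PLACEHOLDER-A"),
    "https://bit.ly/PLACEHOLDER-A": (301, "https://t.co/PLACEHOLDER-B"),
    "https://t.co/PLACEHOLDER-B": (301, "//wallet-login.example/signin"),
}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow automatically; each hop must stay visible

def http_head(url, timeout=5):
    """One live HEAD request: return (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, method="HEAD"), timeout=timeout) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx surfaces here once following is off
        return err.code, err.headers.get("Location")

def sample_fetch(url):
    """Offline stand-in for http_head, backed by SAMPLE."""
    return SAMPLE.get(url, (200, None))

def trace(url, fetch=http_head, max_hops=10):
    """Resolve redirects hop by hop; return (visited URLs, True if the chain ended cleanly)."""
    chain = [url]
    while len(chain) <= max_hops:
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain, True
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            return chain, False  # redirect loop
        chain.append(nxt)
    return chain, False  # hop limit reached

def assess(chain):
    """Facts to check before trusting a link: where it ends and what it passed through."""
    hosts = [(urlsplit(u).hostname or "").lower() for u in chain]
    return {"final_host": hosts[-1],
            "shortener_hops": sum(h in SHORTENERS for h in hosts),
            "leaves_first_host": hosts[0] != hosts[-1]}
```

A HEAD-based trace only sees HTTP redirects; hops performed with JavaScript or a meta refresh will not appear in the chain.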