Shortened URL Security Tips #matchurl

Shortened URL Security Tips #matchurl

15.Sep.2021

How do shortened URLs work?

Shortened URLs, such as those from bit.ly and goo.gl make it easy to type in a web address quickly, but difficult to determine where the web browser will actually take you.  A shortened URL goes through several redirects before finally reaching it's destination page. These redirects are meant to track statistics on how many people reached the original page via the link, so they generally contain an identifying number unique to your browser or device.  This number can be used by remote servers to track you across different sites and potentially assemble a profile of your browsing habits for marketing purposes. Criminals will use shortened URLs to direct victims to phishing sites or initiate a download of malicious software on to your device.

In order to help protect your privacy from trackers, we recommend using a more private web browser such as the Tor Browser Bundle. The following article has a more detailed discussion on shortened URLs and their security implications: Shortened URL's Effect on Privacy With that said, let's take a look at how you can use the Open Shortest Path First (OSPF) protocol to find out where your shortened URL will actually take you before clicking it.

How do I determine where a shortened URL goes?

There are several websites on the Internet which will decrypt shortened URLs so you can see where they really point to.  We have selected some of those sites below for convenience sake, but please be aware that this is not an endorsement of any one website over another.

https://is.gd/ - This link will take you to a list of sites that offer decryption services and is maintained by the Internet Systems Consortium (ISC).  At the time we wrote this, there were about 14 different websites in their directory that can help you determine where your shortened URL goes.

http://bit.ly/ - To decode a Bit.ly shortened URL simply type in the text you want to investigate and let it go through its process.  

https://help.goo.gl/#Converting_a_URL - Goo.gl also offers a web-based decoder, which can be found at https://help.goo.gl/#Converting_a_URL.  If you have a Goo.gl link that you want to decode, simply click on the link and follow the instructions given by the website after it processes your request.

https://tinyurl.com - Tiny URL allows users to select any custom alias of their shortened link from its homepage before decryption is completed.  This means they can pick an identifier rather than having one assigned to them randomly.

How do I use OSPF on Windows?

Windows does not come with a built-in OSPF client, however a quick search for "Packet Tracer" will lead you download this free utility which will help us accomplish our goal: https://packettr.org/ Note: If you are not familiar with OSPF, it may be helpful to check out this article on Wikipedia: https://en.wikipedia.org/wiki/Open_Shortest_Path_First Before you start using the "Packet Tracer" application, open the Windows command prompt by typing cmd in your search bar and hitting enter.  You can also achieve this same result by pressing the windows key on your keyboard , typing cmd into the search field that pops up, then press CTRL+SHIFT+ENTER all together instead of just hitting enter so the Command Prompt stays open after performing tasks within it.  Once you have Command Prompt window open, copy and paste either line 1 or 2 (depending on whether you wish to follow steps 1 and/or 2) into the window and hit enter:

1.  If you wish to use OSPF on a Windows computer, we must first download the OSPF Router ID Utility from https://github.com/potaroo/friends-of-ole... , unzip the file, and install it to your desktop . Then open a command prompt in the folder where you unpacked the zip file. For example, if when you unzipped it you were in C:\Users\Name\Desktop\ then type cd desktop at the Command Prompt window. Now that you are in the correct directory, type "OSPFUtil -p 10.0.0.1" (without quotes), where 10.0.0.1 is whatever Router ID you choose to use, hit enter, and the utility will display your OSPF Router ID in decimal format at the bottom of the window .

2.  If you wish to use OSPF on a Mac, you must first download Homebrew which is an open source package installer for Macs . Then open Terminal (located in /Applications/Utilities), copy and paste line 1 into Terminal, but do not hit enter yet. Once you have pasted it in type " brew install ospf" without quotes , then drag line 2 into Terminal, hit space after it says "brew", then drag line 3 into Terminal under this new text so it replaces what was already in there , and finally hit enter to run the command.

3.  If you wish to use OSPF on a Linux (Ubuntu/Centos/Redhat) computer, copy and paste line 1 into your Terminal window and hit enter . Line 2 will then be pasted in with no need for altering it.

1.  To quickly determine which network ID is used by your Router ID simply type: " ipconfig /all" (without quotes) at Command Prompt and look for the IPv4 Address line . Your Router ID is listed next to the subnet mask of the network that you are connected to currently .

2.  You can also check this by following steps 5-8 from this Wikipedia Article : https://en.wikipedia.org/wiki/OSPF .

3.  If you cannot use either of the previous two methods, there are some online OSPF calculators available which can help you with this task , but they are not guaranteed to be accurate due to factors that may skew results . You can find one here: http://www.subnet-calculator.com/ospf-calculator.html

4.  You can also choose to open up Internet Explorer and entering "about:config" (without quotes) in the address bar at the top of your browser window, click on "I'll be careful" when prompted by Firefox, then right click on any line with a value next to " network.ospf" and click on Modify . Enter your Router ID in decimal format as well as a network number of 0 , hit OK, and restart your browser .

5.  To ensure that the OSPF network component is added correctly to your router use this command from within Windows PowerShell: "netsh int ip set dynamic ospf state disabled". Then open up Command Prompt again and type: " netsh int ip show config" (without quotes). Check under Dynamic Routing Protocols for OSPF Parameters and make sure State is set to Disabled. If not, repeat steps 1-4 until it shows up as such .

6.  Whenever you want to enable OSPF, follow steps 1-5 again but this time set the state to Enabled. To check that it is enabled use this command from within Windows PowerShell: "netsh int ip show config". Check under Dynamic Routing Protocols for OSPF Parameters and make sure State is set to Enabled. If not, repeat steps 1-4 until it shows up as such .

7.  When disabling OSPF you must use either of these two commands depending on whether you are using IPv4 or IPV6 respectively: " netsh int ip set dynamic ospf state ignore" (without quotes) or " netsh int ipv6 set dynamic ospf ignore" (without quotes). To ensure that it has been disabled correctly use this command from within Windows PowerShell: " netsh int ip show config". Make sure under Dynamic Routing Protocols for OSPF Parameters that State is set to Ignore . If not, repeat steps 1-4 until it shows up as such.

8.  If you would like to change the Router ID of your computer or router, type either of these commands at Command Prompt depending on whether you are using IPv4 or IPV6 respectively: " netsh int ipv4 set subinterface ospf <interface> router-id <ip address>" (without quotes) or " netsh int ipv6 set interface ospf <interface> router-id <ip address>" (without quotes). To ensure that the ID has changed type " netsh int ip show config". Scroll down to Dynamic Routing Protocols for OSPF Parameters and make sure Router ID is set to the new address entered in step 1 . If not, repeat steps 1-4 until it shows up as such.

 

If you are suspicious of a shortened URL, don't click it. Use the tips on this page to help determine the path of a shortened URL. Shortened URLs make it easy to type in a web address quickly, but like most conveniences they can be dangerous if used incorrectly. Criminals will use shortened URLs that look legitimate to direct victims to phishing sites or initiate a download of malicious software onto your device. Check out this article for four steps that you can take to protect yourself from shortened URLs.

1.  First, try using your browser's developer tools to expand the initial URL. Right-click on the shortened link and select "Inspect Element" (Firefox) or "Inspect" (Chrome). You can also press Ctrl+Shift+I for Firefox and Ctrl+Shift+J for Chrome if Developer Tools were enabled before you right-clicked. In either case a new window should prompt with a line of code at the top reading: <a class="_52hy _5u5j _55bu" href="http://t . co/XXXXXX"></a> Check the web address below the red arrow in this picture; it

We are social