Twitter now using Google filter to block some bad URLs
Posted on | August 5, 2009 | add a comment
Without much fanfare, Twitter has begun to put up some defenses against malicious web links circulating in Tweets. The social network told veteran security blogger Ryan Naraine, of ThreatPost, that it is now using Google Safe Browsing API to block some bad URLs.
In recent weeks, Twitter has been hit with porn spam, infectious worms that steal data and trigger fake scareware promotions, and phishing attacks.
Twitter’s solution is only as good as Google’s filtering tool — which has its limitations, says Mikko Hyppönen senior analyst at anti-virus firm F-Secure.
Google’s tool filters known malicious links. But it does not block bad URLs in the same way from different parts of the world. “We have reports that malicious links were still Tweetable from Brazil yesterday but they were not from Europe,” says Hyppönen.
What’s more, if a malicious link is shortened with a URL shortening service, Twitter does not recognize it as malicious any more, he says. Considering how often Tweeters, myself included, use URL shorteners, that’s a pretty big shortcoming.
“It’s still work in progress, which is probably why they have not announced it,” says Hyppönen. “But at least it’s a start.”
As I heard from several security experts at the Black Hat and DefCon security conferences in Las Vegas last week, email services, like Hotmail, YahooMail and Gmail, and popular social networks, including MySpace and FaceBook, routinely filter malicious web links.
Yet bad URLs continue to spread widely through email and the social networks.
Be careful out there.
–Byron Acohido