We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Cli.gs hack shows vulnerability of URL-shortening

Attacker takes over 2.2 million URL links

The Cli.gs URL-shortening service has reported that an attacker managed break in via a software security hole and take over 2.2 million URL links.

Cli.gs works like TinyURL to convert a long URL into a short link that is easier to use in emails, IMs and other messages. And lucky for Cli.gs users, this attack doesn't appear to have been intended to infect hapless surfers.

According to security company Sophos, the hacked links took visitors to an Orange County Register blog posting on Twitter hashtags. Antivirus maker Kaspersky confirmed there was "No malicious code has been found on that particular page", and suggests the hacker meant to show the site was vulnerable to attack but not harm PCs.

According to the Cli.gs post, cligs editing is currently disabled to prevent further hijacks using the same security hole, and the site is in the process of restoring links from a backup. However, the latest backup is from May, so links created since then may have been lost, per the post.

Cli.gs, TinyURL and URL-shortening services in general are pulling in plenty of hacker attention. While this particular break-in doesn't appear to be malicious, crooks have used such services to obfuscate phishing links and other attacks.

To foil these dirty tricks, Firefox users can use the straightforward LongURL add-on, which will display the full URL for links from any shortening service in a pop-up. Also, the TinyURL service allows setting a preview option (with a cookie) to see the URL before visiting it.

See more:

PC security advice

PC World US magazine

IDG UK Sites

Best iPad Air 2 and iPad mini 3 deals: Find the best contract for your new iPad

IDG UK Sites

The iPhone is doomed. Doomed to be marginally less successful than a very successful thing.

IDG UK Sites

How to prototype native mobile apps without writing code

IDG UK Sites

How to prepare for and update to OS X Yosemite: Get your Mac ready to download & install Apple's...