New URL Shortener Hijacks Browsers for DDoS
In order to outline the dangers of implicitly trusting shortened URLs, a student has launched a service which generates links that take users to their destination, but also hijack their browsers for DDoS.
Called d0z.me, the service is the creation of Ben Schmidt (@supernothing307), a computer science major at University of Tulsa, who describes himself as a security enthusiast.
The URL shortener was inspired by the recent distributed denial of service (DDoS) attacks launched by Anonymous and in particular the Web version of the group's Low Orbit Ion Canon (LOIC) tool.
This recently created JavaScript-based LOIC allows people to voluntarily join a DDoS effort by visiting a Web page instead of installing an application on their computers.
The tool works by modifying an image tag's src attribute in order to force the browser to continuously send HTTP requests to the targeted server.
Another motivation for his project, according to Schmidt, was the increasing number of obscure URL shorteners available to users.
"This is quite worrying, as it encourages people to trust all shortened links they happen to come across, even ones they've never seen before, and acquire a false sense of security in the knowledge that it will take them to the destination advertised by the text," the student
No comments:
Post a Comment