Search This Blog

Tuesday, October 18, 2005

TinyURLs: a matter of trust

NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
10/18/05
Today's focus: TinyURLs: a matter of trust

Dear security.world@gmail.com,

In this issue:

* It all comes down to whether you trust the author
* Links related to Security
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Websense
What's new with Websense?

Websense(r) announces Websense Remote Filtering which extends
the industry leading web filtering and web security protection
to users outside the network. This new technology ensures
secure employee internet use anytime, anywhere! Find out how
Websense takes your endpoint security strategy to the next
level:
http://www.fattail.com/redir/redirect.asp?CID=117516
_______________________________________________________________
IS WIMAX REALLY JUST AROUND THE CORNER?

With excitement building about WiMAX, you might be surprised
that, technically, no real WiMAX products are available yet.
That is, none that meet the 802.16 profile as defined by the
WiMAX Forum and certified compatible by the Forum's appointed
lab in Spain. Will there be products? Click here for more:
http://www.fattail.com/redir/redirect.asp?CID=117724
_______________________________________________________________

Today's focus: TinyURLs: a matter of trust

By M. E. Kabay

Reader Andy Swenson, CISSP of the security consulting group
Tribridge, wrote to me recently about my use of TinyURL links
<http://www.tinyurl.com/>. He has kindly allowed me to quote him
in this newsletter.

Swenson wrote:

"I read your Network World e-mail newsletter on a regular basis
and was disappointed to see you using only the TinyURL links in
the newsletter. I feel that in any security-oriented newsletter
you should include the full link so readers can cut and paste
after deciding on the site. With TinyURL, a reader really has no
idea where they are being sent until after the fact. While I may
be paranoid (it is my job after all), I don't just click on
links even from trusted sources without looking at where they
are taking me."

I wrote back:

Thank you very much for your thoughtful comments and for taking
the time to write to me at all - it is a pleasure to receive
mail from readers.

I think you are right: The issue of sending readers to an
unknown site is a problem that troubled (and still troubles) me.
I thought about it for quite a while before deciding that very
long URLs were an obstruction to smooth reading of the text.
Using those shorter but unknown links thus becomes an exercise
in trust, much like using a PGP public key.

If you trust that:

A) I created the TinyURL.

B) It still goes where it was intended.

C) The editors didn't make a typographical error in preparing
the final text.

Then you have to decide whether you trust _me_ <smile>.

On the other hand, I suppose that simply seeing a URL to a
strange site completely spelled out conveys no information of
its own, although it does allow one to check the DNS
registration information.

As with so many issues in security, this is a tradeoff between
security and functionality. I will continue to evaluate the
relative merits of long URLs vs. convenience.

The top 5: Today's most-read stories

1. Cisco finally brings security push to LAN
<http://www.networkworld.com/nlsec9066>
2. Exploit code discovered for new Microsoft flaw
<http://www.networkworld.com/nlsec9067>
3. You won't find this book on Oprah's list
<http://www.networkworld.com/nlsec8533nlsecuritynewsal8590>
4. HP recalls thousands of laptop battery packs
<http://www.networkworld.com/nlsec9068>
5. Skype: Hazardous to network health?
<http://www.networkworld.com/nlsecuritynewsal7851>

_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.

New information assurance journal - Norwich University Journal
of Information Assurance (NUJIA). See
<http://nujia.norwich.edu/>
_______________________________________________________________
This newsletter is sponsored by Websense
What's new with Websense?

Websense(r) announces Websense Remote Filtering which extends
the industry leading web filtering and web security protection
to users outside the network. This new technology ensures
secure employee internet use anytime, anywhere! Find out how
Websense takes your endpoint security strategy to the next
level:
http://www.fattail.com/redir/redirect.asp?CID=117515
_______________________________________________________________
ARCHIVE LINKS

Archive of the Security newsletter:
<http://www.networkworld.com/newsletters/sec/index.html>
Security Research Center:
<http://www.networkworld.com/topics/security.html>
Instant sign-up for Security News Alert:
<http://www.networkworld.com/isusecna>
Instant sign-up for Virus & Bug Patch Alert:
<http://www.networkworld.com/isubug>
_______________________________________________________________
WEBCAST: OfficeMax: Revolutionizing Email Security

Join Sean Powell, IT Security Lead at OfficeMax, and find out
how his organization: Reduced administration to 10 minutes/week
- Stopped spam and phishing at the perimeter - Eliminated
directory harvest attacks - Centralized control - Saved $400k
per year.
http://www.fattail.com/redir/redirect.asp?CID=117575
_______________________________________________________________
FEATURED READER RESOURCE

Network World Technology Insider on Security: Is Encryption the
Perspective?

Encryption won't solve all your security issues but these days
there is no excuse for not safeguarding your organization's
sensitive data. From Clear Choice product coverage to new
regulations and high-profile breaches, this Technology Insider
on Security covers it all. Click here to read now:

<http://www.networkworld.com/nlsec7411nlsecuritynewsal7443>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)