Insights For Success

Strategy, Innovation, Leadership and Security

Turn your legit link into a scary one

General | Edward Kiledjian

When Google finally shut down its Goo.gl shortening service, I wrote an article about the best alternative URL shorteners. 

Security specialists cringe at these services because they can often be used to hide attacks, and because brute forcing them (using a program that automatically tries to find valid links) usually turns up classified or confidential information. If you are interested in this type of research, check out this academic paper entitled "Gone in Six Characters: Short URLs Considered Harmful for Cloud Services."

The TL;DR is that shortened URLs can be scanned using automation, and doing so reveals a ton of Microsoft OneDrive accounts storing private information (most unlocked). Knowing that these files are automatically downloaded (most of the time) to the user's PC through synchronization, a threat actor can weaponize them. The researchers also discovered location information such as driving instructions for specialized medical services, prisons or adult establishments.

Make that link scary

None of these valid concerns is the reason I wrote this article though. The purpose of this article is to take legitimate links and make them scary (at least for tech-savvy recipients). 

The purpose of VeryLegit is to take good links and make them scary (without actually being dangerous, of course).

When asked how the service works, the humorous authors deliver this little gem:

Due to rapid advancement in dark ritual technology, the programming community has streamlined the development and deployment of unspeakable eldritch horrors. Using robust open-source libraries like a sack of live geese, websites like this one can be developed with far more efficient sacrificial rituals than ever before. We’re still stuck on the version with really inefficient sacrificial rituals though, due to comp͆aͭatib̊i̼͕l̈̿i̮̜t̚y̅ ͊i͋s̾s̢͈͠u̶e̛̊s̼̃.
— verylegit.link

Let's try it

1 - You copy a link like my article about Google Tasks "https://www.kiledjian.com/main/2018/4/25/google-launches-new-tasks-app-mobile-web"

2 - You paste it into the magical input box

3 - You click on "Make it look dodgy"

4 - You copy the scary-looking link (http://ctf.verylegit.link/+javaexploit_970speedupurpc!!install-now!!java0day.docm.js.pdf) and voila. Scare the pants off a tech-aware friend.

The new link still redirects you to your original link; it only adds lots of scary extensions typically used by scammers and Nigerian princes wanting to give you millions of dollars.
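A defender's view of why that link looks alarming, as an added example that is not from the original post or from VeryLegit: a small lexical triage that flags stacked extensions, lure words and urgency punctuation in the last path segment of a URL. The extension and keyword lists are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Illustrative lists, assumed for this example (not taken from VeryLegit).
RISKY_EXTS = {"js", "docm", "xlsm", "exe", "scr", "jar", "vbs", "hta", "bat", "lnk"}
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
LURE_WORDS = ("exploit", "0day", "install", "crack", "keygen", "free", "login", "verify")


def trailing_extensions(segment):
    """Return the run of known extensions at the end of a path segment."""
    exts = []
    for token in reversed(segment.split(".")[1:]):
        if token not in RISKY_EXTS | DOC_EXTS:
            break
        exts.insert(0, token)
    return exts


def triage_url(url):
    """Return a list of lexical findings; an empty list means nothing flagged."""
    parts = urlsplit(url)
    segment = unquote(parts.path).rsplit("/", 1)[-1].lower()
    exts = trailing_extensions(segment)
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if len(exts) >= 2:
        findings.append("stacked-extensions:" + ".".join(exts))
    # A harmless-looking final extension that follows an executable/macro one.
    if exts and exts[-1] in DOC_EXTS and any(e in RISKY_EXTS for e in exts[:-1]):
        findings.append("risky-extension-behind-document-extension")
    hits = [word for word in LURE_WORDS if word in segment]
    if hits:
        findings.append("lure-words:" + ",".join(hits))
    if re.search(r"!{2,}", segment):
        findings.append("urgency-punctuation")
    return findings


if __name__ == "__main__":
    # Both URLs are the ones quoted in the post.
    for u in (
        "https://www.kiledjian.com/main/2018/4/25/google-launches-new-tasks-app-mobile-web",
        "http://ctf.verylegit.link/+javaexploit_970speedupurpc!!install-now!!java0day.docm.js.pdf",
    ):
        print(u, triage_url(u))
```

Checks like this score only how a link looks: the VeryLegit link trips every rule yet redirects to a benign article, so the destination of any redirecting link still has to be resolved and inspected separately.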

So welcome to Monday, time to have some fun.