Websense announced this week that it started working with bit.ly to prevent hackers from abusing the shortening service and tricking users into visiting sites hosting malicious content. One of the leading URL shortening services for social networking sites such as Twitter, bit.ly and others like it have been subject to a wide spectrum of chicanery carried out by the bad guys of the Internet. These types of services offer malicious hackers a reliable way to hide the actual contents of a URL, offering the means to fool even knowledgeable users into visiting seedy sites.
Websense will help protect bit.ly users by analyzing content behind bit.ly shortened addresses using the carrier-grade Websense ThreatSeeker Cloud. This security-as-a-service offering will conduct full content analysis for the IP sources, websites and web content behind bit.ly links. This includes categorization and rputation analysis of the full URL, with heuristics performed on the history, age, geography and search reputation of the site. If Websense finds the URL to be a malicious site, bit.ly will show an alert and give the user the choice of whether or not to continue.
“With the Websense security-as-a-service API powering our security intelligence, we will be able to better serve our customers and enable their use of Web 2.0 social media technology while protecting them from the latest threats,” said Andrew Cohen, bit.ly’s general manager, in a statement about the partnership.
According to Websense security experts, providing such protection on an exponentially growing service such as bit.ly would have been near impossible under traditional security models. In October alone, bit.ly processed over two billion shortened URLS and by the end of the year it plans to process over a million links per day through the Websense engine. The only Websense could work on such a huge and rapidly expanding scale is through the cloud, says Devin Redmond, Websense vice president, product management and business development.
“The security issues Websense addresses for URL shortening services and social media users would have been impossible only a few years ago — and today this protection is only made possible by our breakthrough, scalable cloud-based security-as-a-service infrastructure,” he said