Over the past six months or so I’ve been looking at hyperlink spoofing threats as a bit of a part-time project. I’ve primarily been interested in how the design of social networking platforms impacts the ability of their users to make good trust decisions regarding hyperlinks. The interaction between social networking services and short-link services has also shown to be worthy of some analysis.
While the issues in this space don’t tend to rank highly “on a scale of one to l33t,” I found it to be an interesting area because existing design practices appear inconsistent and suboptimal with regard to security.
As social networking platforms are changing very rapidly, the specific examples in this write-up will become dated quickly, if that isn’t already the case. I'm more hopeful that the enumeration of issue types as well as the conclusions / recommendations in this write-up will stay relevant in the future.
Hyperlink Spoofing and the Modern Web