Simon Willison’s Weblog

Subscribe
Atom feed for tinyurl

6 items tagged “tinyurl”

2010

apache.org incident report for 04/09/2010. An issue was posted to the Apache JIRA containing an XSS attack (disguised using TinyURL), which stole the user’s session cookie. Several admin users clicked the link, so JIRA admin credentials were compromised. The attackers then changed the JIRA attachment upload path setting to point to an executable directory, and uploaded JSPs that gave them backdoor access to the file system. They modified JIRA to collect entered passwords, then sent password reset e-mails to team members and captured the new passwords that they set through the online form. One of those passwords happened to be the same as the user’s shell account with sudo access, leading to a full root compromise of the machine.

# 14th April 2010, 9:08 am / apache, incident, jira, passwords, security, tinyurl, urls, xss

2009

JSLitmus. “A lightweight tool for creating ad-hoc JavaScript benchmark tests”. Includes an ingenious hack for graphing the results—it generates a Google Chart, then provides a TinyURL for viewing that chart in the future. The TinyURL is generated by pointing an inconspicuous iframe at the TinyURL API and letting the user copy-and-paste the resulting shortened URL directly out of the iframe.

# 28th October 2009, 5:11 pm / benchmarking, google-charts, iframes, javascript, jslitmus, tinyurl

rev=canonical bookmarklet and designing shorter URLs

I’ve watched the proliferation of URL shortening services over the past year with a certain amount of dismay. I care about the health of the web and try to ensure that URLs I am responsible will last for as long as possible, and I think it’s very unlikely that all of these new services will still be around in twenty years time. Last month I suggested that the Internet Archive start mirroring redirect databases, and last week I was pleased to hear that Archiveteam, a different organisation, had already started crawling.

[... 920 words]

5:37 pm / 11th April 2009 / bookmarklets, dave-winer, django, joshua-schachter, kellan-elliott-mccrea, projects, python, revcanonical, tinyurl, urls

TinyURL—Archiveteam. Excellent: the Internet Archive are crawling TinyURL (and hopefully other URL shortening services as well). The wiki page was created back in January. UPDATE from comments: Archiveteam are a separate organisation from the Internet Archive.

# 3rd April 2009, 11:11 pm / archive, archiveteam, internet-archive, tinyurl

The Internet Archive should actively partner with bit.ly / tinyurl.com / icanhaz.com etc. and maintain a mirror database of their redirects

Me, on Twitter

# 8th March 2009, 2:59 pm / bitly, icanhaz, internet-archive, me, tinyurl, twitter, urlshorteners

2008

json-tinyurl. Because sometimes you want to be able to create a shorter version of a URL directly from JavaScript without hosting your own server-side proxy.

# 27th August 2008, 10:58 am / appengine, javascript, json, jsonp, jsontinyurl, projects, tinyurl

Related