Digg has launched a new feature called the DiggBar: a neat silver bar with features such as "Digg", "Bury" and "Sources". Combined with Digg's URL shortening service, these features become a hotbed for hackers and phishers. Could the DiggBar plus URL shortening result in identity theft? Let's see whether it's possible or not!

 

Digg Masks Original Address


What is URL shortening?

It is the process of turning a 100-mile-long address into one a few centimetres long. The real address is only revealed once the target page is reached. It's simple: go to www.tinyurl.com and enter a long address, and it churns out a short one. When you click the shortened URL, it redirects you to the page, and only then does the address bar show the real address of the page you were redirected to.

 

So what is the problem with the DiggBar?

The real problem is that Digg, even though it redirects you to the real page, fails to reveal the actual address. This has very serious consequences, as visitors are effectively entering a site which could possibly be a phishing site!

Everything you need to know about phishing sites can be found here: http://en.wikipedia.org/wiki/Phishing

 

From Wikipedia:

A further problem with URLs has been found in the handling of Internationalized domain names (IDN) in web browsers, that might allow visually identical web addresses to lead to different, possibly malicious, websites. Despite the publicity surrounding the flaw, known as IDN spoofing or homograph attack, phishers have taken advantage of a similar risk, using open URL redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted domain.

As stated, even with the plain address in our address bar we find it very hard to spot a phishing site. Now, with Digg hiding the real address, who knows what is in store for unfortunate netizens!

Another quote, from Symantec:


When submitting confidential information over the Internet, verify the site is secure. Just because the site’s address begins with https doesn’t necessarily mean the site is secure. Phishers may use URL masking techniques to mimic the secure address of an authentic company. Before submitting your information, confirm the URL’s authenticity by clicking on your browser’s “locked” symbol. 

 

 

So how do you prevent your site from URL masking?

Webmasters who don't want their visitors to see the DiggBar over their website can use the following code. Paste the code into your web page (anywhere); this will break the URL masking!

 

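<script type="text/javascript">
// Frame-busting: if this page is shown inside another site's frame,
// or under an unexpected hostname, reload it in the top-level window.
var domain = "example.com";
var redirect = "http://example.com/page.html";

// Inside a frame, location.hostname is still this page's own host,
// so the framing case is detected by comparing window objects.
if ( (top !== self) ||
     ( (location.hostname != domain) &&
       (location.hostname != "www." + domain) )
   ) { top.location.href = redirect; }
</script>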
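
The script above only helps when JavaScript runs in the framed page. The same protection can be enforced by the web server with the `Content-Security-Policy: frame-ancestors` and `X-Frame-Options` response headers. The following is an added example, not code from the original post, and it goes beyond the script by modelling (in simplified form) how a browser applies those headers; the function names and origins are assumptions.

```javascript
// Added example, not from the original post. Function names and origins are
// assumptions chosen for illustration.

// Build response headers that forbid framing by other sites.
// allowedOrigins: extra origins that MAY frame the page (default: none).
function antiFramingHeaders(allowedOrigins = []) {
  for (const o of allowedOrigins) {
    // new URL(o).origin === o rejects paths, wildcards and malformed input.
    if (new URL(o).origin !== o) throw new Error("not a bare origin: " + o);
  }
  const headers = {
    "Content-Security-Policy":
      ["frame-ancestors", "'self'", ...allowedOrigins].join(" "),
  };
  // X-Frame-Options cannot express an allow-list, so send the legacy
  // fallback only when nobody but the site itself may frame the page.
  if (allowedOrigins.length === 0) headers["X-Frame-Options"] = "SAMEORIGIN";
  return headers;
}

// Apply the headers to a Node.js http.ServerResponse (anything with setHeader).
function protect(res, allowedOrigins = []) {
  const headers = antiFramingHeaders(allowedOrigins);
  for (const name of Object.keys(headers)) res.setHeader(name, headers[name]);
  return res;
}

// Simplified model of the browser's decision for ONE parent frame. Real
// browsers check every ancestor and also accept wildcard and scheme sources.
function mayBeFramedBy(headers, pageOrigin, parentOrigin) {
  const csp = headers["Content-Security-Policy"] || "";
  const directive = csp.split(";").map((d) => d.trim().split(/\s+/))
    .find((parts) => parts[0] === "frame-ancestors");
  if (directive) { // frame-ancestors takes precedence over X-Frame-Options
    return directive.slice(1).some((src) =>
      (src === "'self'" && parentOrigin === pageOrigin) || src === parentOrigin);
  }
  const xfo = (headers["X-Frame-Options"] || "").toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return parentOrigin === pageOrigin;
  return true; // no policy: any site, a framing bar included, may wrap the page
}

// Constructed sample: example.com's page requested inside a digg.com frame.
const sample = antiFramingHeaders();
console.log(sample, mayBeFramedBy(sample, "http://example.com", "http://digg.com"));
```
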

Here is the list of the DiggBar's nasty features :-)

  1. Can mask potential phishing websites.
  2. Can interfere with top-bar ads, since the DiggBar pushes the web page further down, making it unsuitable to read.
  3. It ain't cool to put some bar over other people's websites!!!
  4. Can possibly LEAD TO IDENTITY THEFT!!!

Even though the list isn't complete, I don't want to think any more about that nasty bar...

What changes should be made?

  1. Digg should change its URL shortening service to show the REAL address.
  2. The DiggBar should be optional, not FORCED. Maybe it could be offered as a Firefox add-on; that would be much more welcome.
  3. Moreover, even for us registered users, after digging an article the DiggBar still shows the option to digg, which should be changed to "DUGG".
  4. At the most, the DiggBar should be removed.

It's better that Digg sticks to its initial plan of being a social bookmarking site and solves its current slow-loading problem.
Please leave your thoughts in the comments.
