undefined | Better HN

0 pointstobyjsullivan2y ago0 comments

The suggestion (in both the article and the parent) is that the platforms themselves are submitting URLs. For example, if I send a link in Discord[0] DM, it might show the recipient a message like “warning: this link is malicious”. How does it know that? It submitted the url to one of these services without your explicit consent.

[0] Discord is a hypothetical example. I don’t know if they have this feature. But an increasing number of platforms do.

0 comments

internetter2y ago

Where in the article does it suggest this? The two bullet points at the very top of TFA is what I cited to discredit this notion, I read it again and still haven't found anything suggesting the communication platforms are submitting this themselves.

bombcar2y ago

Falcon Sandbox is explicitly mentioned - which is a middleware that can be installed on various communication platforms (usually enterprise): https://www.crowdstrike.com/products/threat-intelligence/fal...

Microsoft has "safe links": https://learn.microsoft.com/en-us/microsoft-365/security/off... - Chrome has its own thing, but there are also tons of additional hand-rolled similar features.

My main annoyance is when they kill a one-time use URL.

anonymousDan2y ago

Do you know if safe links is guilty of the issue in the OP?

bombcar2y ago

I suspect not because Microsoft is using their own internal system.

However, it likely exposes the content internally to Microsoft.

They do 100% break Salesforce password reset links, which is a major PITA.

tobyjsullivanOP2y ago

I thought I read it in the article but I may have unconsciously extrapolated from and/or misread this part:

“I came across this wonderful analysis by Positive Security[0] who focused on urlscan.io and used canary tokens to detect potential automated sources (security tools scanning emails for potentially malicious [links])”

I don’t see any mention of messaging platforms generally. It only mentions email and does not suggest who might be operating the tooling (vendor or end users). So I seem to have miscredited that idea.

[0] https://positive.security/blog/urlscan-data-leaks

j / k navigate · click thread line to collapse

0 comments

internetter2y ago

bombcar2y ago

Microsoft has "safe links": https://learn.microsoft.com/en-us/microsoft-365/security/off... - Chrome has its own thing, but there are also tons of additional hand-rolled similar features.

My main annoyance is when they kill a one-time use URL.

anonymousDan2y ago

Do you know if safe links is guilty of the issue in the OP?

bombcar2y ago

I suspect not because Microsoft is using their own internal system.

However, it likely exposes the content internally to Microsoft.

They do 100% break Salesforce password reset links, which is a major PITA.

tobyjsullivanOP2y ago

I thought I read it in the article but I may have unconsciously extrapolated from and/or misread this part:

[0] https://positive.security/blog/urlscan-data-leaks

j / k navigate · click thread line to collapse