Avatar for bchestnut

This started as a post about a mobile app that detects malicious links and QR codes. But it turned into a post about how we keep internal projects fun…

We have a team here that works on email abuse detection and prevention. When bad guys show up and try to abuse the email ecosystem (sigh, which is pretty much all the time), we study their behavior, their emails, their links, and we put that into an internal abuse prevention engine. It’s an ongoing internal initiative. The problem with ongoing internal initiatives is that they’re really hard to keep going, and even harder to keep innovative and fun. It’s fun when you work on an app that could help millions of users; it’s not so fun working on an internal app for a dozen co-workers. You end up feeling sorry for the guy who has to manage that internal app. It gets awkward when you bump into him in the halls and stuff. So we like to turn internal initiatives into consumer products, then platforms (we’re not all “big mandate” about it, though), that can turn into even more products. The initiatives are for our own internal needs, but the apps keep those initiatives from getting boring.

Case in point: Unfurlr, which uses our email abuse data to tell you what’s hiding behind a shortened URL. Unfurlr was a proof-of-concept to show (to ourselves) that our abuse prevention dataset could be consumerized. After that, we platformized it, so that we could use the dataset in Mandrill and TinyLetter. Now, we’ve taken it even further and made a mobile app out of Unfurlr.

Oh yeah, I’m supposed to tell you about the app…


Avatar for bchestnut

A tweet from @threatpost that warned: “Twitter spam may become more context-aware” pointed me over to this article that had some interesting bits, like:

“Twitter malware and spam uses a pretty straightforward attack vector. You get a twitter message from an account (usually with an attractive female avatar) telling you that you’ll get something awesome if you click on the helpfully provided link. Most people don’t click, because they realize that if a hot chick sends you a link on twitter claiming you’ll win a free iPad, it’s probably not legit.”

The author goes on to predict that Twitter spam will get a lot more sophisticated and targeted, and it will get harder and harder for people to determine who to trust, who’s a bot (speaking of bots), and who’s not a bot:

“Twitter link spam will get a lot more context aware in 2012 and it’s going to be difficult to make an eyeball determination whether someone you don’t know has sent you a link because they follow you and they think you will be interested in a topic, or they are just trying to spam you”

As a matter of fact, we get a lot of tweets from scantily clad fembots that try to make us click malicious links, so we built an app to deal with that. It’s called Unfurlr, and you’re free to use it too, whenever the fembots come knocking --> http://unfurlr.com (bookmark it now, because they will come knocking).

And here’s a little more background info about Unfurlr.