A URL is a URL is a URL%u2014really? URLs play vital roles in providing brief me

Question

A URL is a URL is a URL%u2014really? URLs play vital roles in providing brief meaningful descriptions of sites and their content, assisting users in finding sought-after content, and bookmarking content important to visitors. In a Microsoft Word document, please write a short essay on proper URL formation.

Please provide one example of a poorly done URL and one example of a highly effective URL. Explain the criteria for your two selections. In your critiques of the two URLs, you should contrast the two and explain how their composition impacts their usability and effectiveness. What would be a more effective suggestion for the poorly done URL?

Please send answers to corruptblues@gmail.com

Explanation / Answer

In fact, most people have no idea how to tell a good URL from a bad one. A recent Indiana University study I co-authored with Jacob Ratkiewicz (download PDF) showed that Internet users are not the least suspicious of so-called cousin-name domains. A cousin-name domain is a URL like www.democratic-party.us that is "semantically correct" - in this case it makes it look like it should belong to the Democratic Party. The study also showed that most people do not identify sub-domain attacks in which the subdomain is used to semantically defraud -- like www.wachovia.pin-update.com has nothing to do with Wachovia. Part of the problem is that people are people, not string matching machines. We are just not very good at remembering things verbatim, but we are pretty good at making sense of cues - which is what gets us into trouble. But that's not all. The problem is made worse by companies that register and use domains that have nothing in particular to do with their brand. Like www.accountonline.com, which belongs to CitiBank and is used to access credit card accounts. Why not use the regular citibank.com domain? Or at least citicards.com? Now, CitiBank is not the only financial institution that uses weird domains ... unfortunately, this is the rule rather than the exception. What should we conclude from this? First of all, phishers and crimeware authors will make increasing use of deceptive domain names. This means that blacklisting will become less and less meaningful and that we will have to rely on whitelisting, heuristics, and our own ability to be careful. Not a happy thought. What do we need to do? First of all, we need to educate our users (see www.SecurityCartoon.com and http://cups.cs.cmu.edu/antiphishing_phil/ for two lighthearted approaches). Second, service provides need to think about what domains they use and how any inconsistencies may come back to haunt them. And third, we need to develop tools that recognize what people can and cannot do.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.