Unusual Link Behavior

Dear GeekWisdom,

Why is that then I open certain links embedded in emails or documents 

eg:https://.../fetchvideo?videoid=123

It works just fine pasted into my browser location, but I get an error clicking on it if inside an embedded email?

Sincerely,

Odd Link Behaviour

Dear OLB,

I believe you may have stumbled on an “intentional” security feature !

If -  I understand correctly –fetchvideo?videoid=123   is designed to open a browser window, find a file, download it to your machine and then execute it without any user intervention. I suspect the web application is doing this this via a 302 redirect header.

Imagine if clicking on the link inside the email DID actually work, it would be a great way to spread a virus, just have the virus email everyone in your contacts saying ‘hey check this cool link!’ and BOOM! everyone that trusts you and clicks on your link gets infected.

Now of course, in your case, this app is trying to open a media file (not an executable file), but media files can be potentially corrupted into executing, so I suspect either MS or some other virus scanning software is simply detecting the link is being opened from another application (ie: email) and catching the attempt to auto execute it without user intervention, and stopping the file.  One way MS does this is by running Outlook and other apps in a special ‘protected zone’ when opening links embedded into them.

Since the user can still copy & paste, if it is a ‘security feature’  I suggest it isn’t a particularly well designed security feature, but oh well!

Generally speaking, opening a browser window serving a file and closing the window is very ‘suspicious’ behaviour, in my humble opinion.

If you are the person who authored the ‘fetchvideo’ web application You *might* have more luck having trying one of the following approaches instead.

  1. 302 redirect to a network file location file:// instead or a plain non-authenticated http:// server (particularly one suited for media streaming)
  2. Display the link instead and simply wait for the user to click on it
  3. Display the link and add some JavaScript that navigates to the link after ‘X’ seconds
  4. Instead of redirecting with 302, binhex the output of the actual mp4 with content headers like this;
          Content-Type: video/mp4
          Content-Transfer-Encoding: Binary
          Content-disposition: attachment; filename="trainingvideo.mp4"

These are in order of preferred, option #4 may use a lot of resources on your web server  slowing down everything else and potentially disappointing your users -  so I wouldn’t recommend it, unless nothing else works.

Good Luck!

If you liked this post please consider sharing via your favorite social networks!!

and ..if you like my blogging, video, audio, and programming - please consider becoming a patron and get exclusive access @ Patreon.com/GeekWisdom

Comments

Popular posts from this blog

There's a bug in the keyboard driver...(dear liza)

Password Security Challenge - Last Pass & 1Password

What is Multi Factor Authentication (MFA / 2FA)?? and Why does it matter??

About the Book - Geek Wisdom

The Programmer's Dilemma

Despite of how it looks - I'm not part of a coup d'etat

Brad's Weekend of Coding - Day 1 - Summary

The Most Dangerous Software on the Internet!

Eco Cycle Planning Resources, Toastmasters & Unicorns

IT Security Myths & Legends