Did you know you just dropped a 0day on twitter? 
Wait... are you serious? They... actually embed the private cert somewhere? I was just laughing at the domain name.
So, some history: It used to be folks would get certs for “localhost”, just like they would from “webmail”, despite no CA ever having validated the name. They just relied on pinky promises to be good. Luckily, browsers forbid that https://mobile.twitter.com/sleevi_/status/1202042466402230273
Then, they started doing real domain names, but that redirected to localhost, like “http://github-localhost.com”. GitHub, Blizzard, Dropbox, I’ve lost count how many. While not intrinsically against the rules, the only way this works is shipping the private key to millions of users.
Thanks for calling our attention to this matter. We did not receive a notification at our SSL_Abuse address. http://local.connectme.us has been revoked.
Almost like the CCC talk about HP printers hitting "http://fakeurl1234.com" -- except in that case, Yaniv and Eyal were able to purchase the domain (which is freakin' hilarious). Write up: https://cyberwarzone.com/your-hp-printer-is-connecting-to-fakeurl1234-com-and-you-dont-even-know-it/ Video: https://media.ccc.de/v/35c3-9462-what_the_fax
It seems like nobody really cares :/ I still own fakeurl1234[.]com. I sometimes use it in CTFs just for the lolz