@trailofbits where in your Ruby code do you validate that the sha1 is actually of the timestamped data? Can't find it.
-
we strip user data before sending to backend - that means we only validate the signature server-side
-
"It was difficult to overcome the inertia [...]". It is very often the issue, sadly.