Demand TLS for software updates. Leaking information on which package is updating enables automated exploitation and often downgrade attacks. Updaters can be vulnerable, but difficult to exploit if TLS validation occurs on the connection. Example: https://justi.cz/security/2018/09/13/alpine-apk-rce.html …
-
-
Domains being hijacked or simply reassigned after having expired is often overlooked. TLS doesn’t do anything here, it even adds trust to something potentially malicious.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.