Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: https://www.google.com/search?&q=%22atlassian-domain-for-localhost-connections-only.com%22 …pic.twitter.com/pse4VwORiZ
Wait... are you serious? They... actually embed the private cert somewhere? I was just laughing at the domain name.
Yes, it happens sometimes. As soon as someone pulls out the key, the CA is required to revoke it. They probably did it to avoid mixed-content warnings, as you can probably guess... it's not the correct solution. Anyone using this app is vulnerable to trivial MITM.
Reading the documentation is my favorite way to find vulnerabilities.
Docs: “See, it works like this.” Me: “I sure hope not.”
all the best companies report 0 days in their products on their own support sites 
This whole thread 


Wait. How is it dropping a zero day if it's in their public docs? Now I'm confused. Regardless, right on with the CVE!
Or did you?