Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: https://www.google.com/search?&q=%22atlassian-domain-for-localhost-connections-only.com%22 …pic.twitter.com/pse4VwORiZ
This is the legacy version of twitter.com. We will be shutting it down on June 1, 2020. Please switch to a supported browser, or disable the extension which masks your browser. You can see a list of supported browsers in our Help Center.
Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Add this Tweet to your website by copying the code below. Learn more
Add this video to your website by copying the code below. Learn more
By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.
| Country | Code | For customers of |
|---|---|---|
| United States | 40404 | (any) |
| Canada | 21212 | (any) |
| United Kingdom | 86444 | Vodafone, Orange, 3, O2 |
| Brazil | 40404 | Nextel, TIM |
| Haiti | 40404 | Digicel, Voila |
| Ireland | 51210 | Vodafone, O2 |
| India | 53000 | Bharti Airtel, Videocon, Reliance |
| Indonesia | 89887 | AXIS, 3, Telkomsel, Indosat, XL Axiata |
| Italy | 4880804 | Wind |
| 3424486444 | Vodafone | |
| » See SMS short codes for other countries | ||
This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.
Hover over the profile pic and click the Following button to unfollow any account.
When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.
The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.
Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.
Get instant insight into what people are talking about now.
Follow more accounts to get instant updates about topics you care about.
See the latest conversations about any topic instantly.
Catch up instantly on the best stories happening as they unfold.
Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: https://www.google.com/search?&q=%22atlassian-domain-for-localhost-connections-only.com%22 …pic.twitter.com/pse4VwORiZ
Did you know you just dropped a 0day on twitter? 
Wait... are you serious? They... actually embed the private cert somewhere? I was just laughing at the domain name.
Yes, it happens sometimes, as soon as someone pulls out the key the CA is required to revoke it. They probably did it to avoid mixed-content warnings, as you can probably guess... it's not the correct solution. Anyone using this app is vulnerable to trivial MITM 
Hm I suppose that's true then of IBM's Aspera plugin client, which uses https://local.connectme.us for the same kind of communication
I just took a look, Umm.. that could be way, way worse. There's a pre-generated CA certificate and a private key, if they add that to the system store, they're effectively disabling SSL. I would consider that *critical*.
A fun night we're all having here on Twitter dot com then
I really hope this isn't what it looks like, or this is another superfish.
https://pastebin.com/CKxNW3ms
Offhand it doesn't look like it's added to the system store? So that's good. But I'm not sure why it's there
I can't imagine any possible way it makes sense, but you were right about the http://local.connectme.us certificate, I extracted it. This needs to be revoked now and is a real vulnerability.
https://pastebin.com/1qupxAUv
I sent a mail to ssl_abuse@sectigo.com, I don't know if that's the correct address.
Still not revoked. Isn't @SectigoHQ now in violation of section 4.9.1.1 of the BRs? 24 hours have passed...
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.