Honestly, where are the Google security people who give us so much trouble everywhere else: https://daringfireball.net/linked/2017/05/29/russian-amp-phishing …
Replying to @wycats
Our general policy is here. https://sites.google.com/site/bughunteruniversity/nonvuln/open-redirect … The issue mentioned in the article was fixed last year.
1 reply 0 retweets 0 likes
Replying to @wycats
several measures. But the result is this https://www.google.com/amp/lets.phish.wycats …
1 reply 0 retweets 0 likes
Replying to @cramforce
The fact that it's http://google.com will always allow someone to put official looking instructions and trick people.
2 replies 0 retweets 2 likes
Replying to @wycats @cramforce
The only solution is not to use Google URLs (an alt cache URL would help but users still get used to it and it obscures fishy stuff)
1 reply 0 retweets 2 likes
Replying to @wycats
The real solution is to get rid of the URL prefix, of course. We already did in our native apps. Hoping for web sometime this year.
2 replies 0 retweets 1 like
I'm excited to hear that's coming. Can you share the techniques that are making it possible on the web? New standards? Browser features?
Replying to @wycats
Still figuring it out and will share once it is far enough along. But likely the latter 2, indeed.
0 replies 0 retweets 3 likes