{"id":39,"date":"2009-03-23T04:26:00","date_gmt":"2009-03-23T04:26:00","guid":{"rendered":"https:\/\/freezion.com\/?p=39"},"modified":"2009-03-23T04:26:00","modified_gmt":"2009-03-23T04:26:00","slug":"twitter-badness","status":"publish","type":"post","link":"https:\/\/freezion.com\/?p=39","title":{"rendered":"twitter badness?"},"content":{"rendered":"<p>so, a few days ago i was working on a project, and noticed that GoDaddy allows web sites which use their SSL certificates to post a flashie thing on their website allowing visitors to check the status of the cert. (see the bottom of <a href=\"http:\/\/tweepme.com\/\">tweepme.com<\/a> for an example).<\/p>\n<p>It turns out that GoDaddy actually has the blank certificate image stored on their servers, and that it is accessible via http in addition to https.<\/p>\n<p>This means it could easily be used for spoofing by anyone that knows how to:<br \/>\na) manipulate an image in an image editing software application or<br \/>\nb) manipulate an image in any number of programming languages<\/p>\n<p>So, I decided to make the following tweet at twitter:<\/p>\n<blockquote><p>&#8220;interesting. if you know how to manipulate images, you too can spoof godaddy&#8217;s SSL seal: http:\/\/is.gd\/o1pM&#8221;<\/p><\/blockquote>\n<p>It was posted, and then disappeared about 15 minutes later.<br \/>\nI reposted it. Half an hour later, it was gone again.<\/p>\n<p>So I talked to a friend of mine that follows me on twitter and had him pull up my page in his browser, and also in his third party application on a mobile device. I then posted again. He confirmed that it showed on my twitter profile page, but that it didn&#8217;t hit his feed, nor his mobile device. About half an hour later, it disappeared again.<\/p>\n<p>I then posted a tweet about the fact that my tweets were going missing for some reason. That also vanished about 20 minutes after posting.<\/p>\n<p>So, I posted a tweet about something completely unrelated, that stayed.<\/p>\n<p>At that point, I sent a request into twitter support asking whether I was triggering their ToS violation or such and that this was leading to my tweets vanishing. As yet (3 days later), it&#8217;s not even been assigned to anyone to review.<\/p>\n<p>Hmm&#8230; Interesting.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>so, a few days ago i was working on a project, and noticed that GoDaddy allows web sites which&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,4],"tags":[11,36,46,60],"class_list":["post-39","post","type-post","status-publish","format-standard","hentry","category-hacking","category-musing","tag-crypto","tag-lolhax","tag-rambling","tag-wtf"],"_links":{"self":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts\/39","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=39"}],"version-history":[{"count":0,"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts\/39\/revisions"}],"wp:attachment":[{"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=39"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=39"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=39"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}