Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Twitter URL spoofing still exploitable

From: Pablo Ximenes <pablo () ximen es>
Date: Tue, 27 Sep 2011 15:49:37 -0300
Aparently twitter is back to normal, t.co isn't showing in place of
every URL anymore.

This was indeed temporary while they were fixing things as mentioned.

Att,

Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes




2011/9/27 Benji <me () b3nji com>:

If you hover over the t.co links the alt= tag holds the real url.

On Tue, Sep 27, 2011 at 4:11 PM, dave bl <db.pub.mail () gmail com> wrote:


On 28 September 2011 01:00, Mario Vilas <mvilas () gmail com> wrote:

On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky <dan () doxpara com> wrote:


Ok, now nobody can spoof a URL, but how come a user will tell good
URLs and bad ones apart? Oh boy!



Wherever did you get the idea that users can do this?


Jokes apart, I do find it annoying that URLs aren't expanded
automatically
anymore. But I don't expect this situation to be permanent.


Agreed.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: