23 March 2009

twitter badness?

so, a few days ago i was working on a project, and noticed that GoDaddy allows web sites which use their SSL certificates to post a flashie thing on their website allowing visitors to check the status of the cert. (see the bottom of tweepme.com for an example).

It turns out that GoDaddy actually has the blank certificate image stored on their servers, and that it is accessible via http in addition to https.

This means it could easily be used for spoofing by anyone that knows how to:
a) manipulate an image in an image editing software application or
b) manipulate an image in any number of programming languages

So, I decided to make the following tweet at twitter:

"interesting. if you know how to manipulate images, you too can spoof godaddy's SSL seal: http://is.gd/o1pM"


It was posted, and then disappeared about 15 minutes later.
I reposted it. Half an hour later, it was gone again.

So I talked to a friend of mine that follows me on twitter and had him pull up my page in his browser, and also in his third party application on a mobile device. I then posted again. He confirmed that it showed on my twitter profile page, but that it didn't hit his feed, nor his mobile device. About half an hour later, it disappeared again.

I then posted a tweet about the fact that my tweets were going missing for some reason. That also vanished about 20 minutes after posting.

So, I posted a tweet about something completely unrelated, that stayed.

At that point, I sent a request into twitter support asking whether I was triggering their ToS violation or such and that this was leading to my tweets vanishing. As yet (3 days later), it's not even been assigned to anyone to review.

Hmm... Interesting.

No comments:

Post a Comment