Found an interesting spam/scam scheme today:
- Attacker posts their link that redirects to a legit news article
- Twitter resolves the redirect to news article
- Twitter hides link from Tweet and displays Twitter Card with news domain
- Attacker changes redirect to spam site
The Tweet now displays a legit looking Twitter Card with the news website domain, but actually goes to the scammer.
Something like this: https://twitter.com/0xjomo/status/1039583601367629825
This is why URL shorteners should always be considered a security risk.
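A defender-side check for the failure mode described above, written as an added example (not code from the thread): record the destination resolved when the card was built, re-resolve the short link at display or click time, and flag the card when the final host changes or the chain no longer resolves. The redirect tables are constructed stand-ins for the Location headers a real checker would fetch with redirects disabled.

```python
from urllib.parse import urlparse

MAX_HOPS = 10

# Constructed stand-ins for the shortener's behaviour at two points in time.
# Each table maps a URL to the Location it redirects to; a URL absent from the
# table is treated as a final (200) page.
REDIRECTS_AT_POST_TIME = {
    "https://short.example/abc": "https://news.example/story/123",
}
REDIRECTS_AFTER_SWAP = {
    "https://short.example/abc": "https://spam.example/landing",
    "https://spam.example/landing": "https://spam.example/offer",
}
REDIRECT_LOOP = {
    "https://short.example/loop": "https://short.example/loop2",
    "https://short.example/loop2": "https://short.example/loop",
}


def resolve(url, table, max_hops=MAX_HOPS):
    """Follow the redirect chain in `table`. Return the final URL, or None on a
    loop or when the chain exceeds max_hops (an unresolvable link is unsafe)."""
    seen = set()
    for _ in range(max_hops):
        if url in seen:
            return None
        seen.add(url)
        nxt = table.get(url)
        if nxt is None:
            return url
        url = nxt
    return None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def check_card(short_url, cached_final_url, current_table):
    """Re-resolve short_url now and compare with the destination cached when the
    card was built. Returns (status, current_final_url) with status one of
    'ok', 'drifted' (final host changed) or 'unresolvable'."""
    current = resolve(short_url, current_table)
    if current is None:
        return "unresolvable", None
    if host_of(current) != host_of(cached_final_url):
        return "drifted", current
    return "ok", current
```

A production version would compare registrable domains (eTLD+1) rather than exact hostnames and would re-run the check each time the card is rendered, not only at post time.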
By filtering visitors by referer or datacentre/domestic IP you could probably set these up in a one-step manner, too.
@cathal the referrer is an optional HTTP header and not always sent, but it's quite possible they only do the redirect when the request comes from a Twitter IP.
@jomo Ran into this unintentionally at my last job. The card caching is crazy too. Some promotions would be down for years and the card still existed... super safe for users!
@jomo Oh! And I forgot, after years of building Twitter content for promos, Twitter would hit our servers to try and update meta-data from those same ancient, dead promos. They DoS'ed us one day when their system decided to refresh everything within a few minutes.
@jomo awesome, now even first-party URL shorteners are a public safety issue.