$3k Bug Bounty - Twitter's OAuth Mistakes

by @edent
A Twitter login screen. Highlighted is the information that it cannot access your DMs.

Imagine the scenario. You're trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions - phew - it doesn't want to access your Direct Messages. You authorise it - whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and […]


Responsible Disclosure: CloudFlare - more interested in tracking than security

by @edent
A confirmation email asking me to click on a link,

CloudFlare claim they want to secure the web - but they seem more interested in tracking their customers than giving them decent security. Upon registering with the Internet giant, users are encouraged to confirm their email addresses. So far, so standard. This is the confirmation message CloudFlare sends out: Looks good! Hey! I wonder where […]


Udacity Bug Bounty - or, please stop tracking every link in your emails

by @edent
Clicking on the button shows an insecure web address.

Look, I know your company wants metrics. I know your boss wants to see the exact percentages of people who click on links in your emails. Your sales team are desperate to track conversions. Someone wants to optimise your funnel for reasons which are unclear to you, a lowly engineer. So you make the mistake […]


Self-inflicted Denial of Service on GitHub (Disclosed)

by @edent

I've found an interesting, but low severity, way for a malicious user to selectively deny access to specific GitHub issues and Pull Requests. This doesn't affect the whole site - just targeted pages. It doesn't require elevated permissions, nor any special skills. This is just GitHub punching itself in the face. Here's how it works. […]
