I managed to make it to the informal #novasecluncheon meetup in DC today.
A conversation topic was Rob Fuller and Rafal Los’ recent run-ins with an insecurely configured tinyurl (which was picked up by the media). Discussion also followed about the issues with a site being owned (bad enough) and the exponential implications of problems going through that site (much worse).
Once everyone gets done with lunch and back to their routine, what do we see? It appears that someone has managed to XSS Twitter successfully.
Is that timing, or what?
I’ve been meaning to save this up for another post, but now is also a great time to mention the Longurl Mobile Expander I’ve been playing around with. It’s a link expander add-on for Firefox that allows you to preview “shortened” URLs by mousing over them before you click.
Click with care . . .