Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.town/notes/9ky2bs71mzeevhp8">Taggart :donor: (mttaggart@infosec.town)'s status on Wednesday, 18-Oct-2023 05:49:58 JST</a><a href="https://infosec.town/@mttaggart" title="mttaggart@infosec.town"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="Taggart :donor:" style="position: absolute; left: 0; top: 0;">Taggart :donor:</a></section><article><p>To recap:<br><br>- X added a Settings option for using HTTP proxies in the app.<br>- But, it doesn't actually route any traffic to a proxy. Nothing in the app references the setting, and dynamic analysis shows no traffic being sent to the proxy.<br>- This means people trying to stay safe by using this feature are in greater danger due to a false sense of security.<br><br>The bug report I reference below was closed instantly as not-a-bug.<br><br>RE: <a href="https://infosec.town/notes/9ky1hz9tcj5gf8va">https://infosec.town/notes/9ky1hz9tcj5gf8va</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2198864#notice-4322406">In conversation</a><time datetime="2023-10-18T05:49:58+09:00" title="Wednesday, 18-Oct-2023 05:49:58 JST">Wednesday, 18-Oct-2023 05:49:58 JST</time> <span>from <span><a href="https://infosec.town/notes/9ky2bs71mzeevhp8" rel="external" title="Sent from infosec.town via ActivityPub">infosec.town</a></span></span><a href="https://infosec.town/notes/9ky2bs71mzeevhp8">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: media.infosec.town</div><h5><a href="https://infosec.town/notes/9ky1hz9tcj5gf8va">Taggart :donor: (@mttaggart)</a></h5><div></div></header><div>Actually took the time to submit a h1 report about the HTTP proxy thing. I can't understand why this isn't a bigger deal. It could get someone killed or imprisoned.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Taggart :donor: (mttaggart@infosec.town)'s status on Wednesday, 18-Oct-2023 05:49:58 JST Taggart :donor:
To recap:

- X added a Settings option for using HTTP proxies in the app.
- But, it doesn't actually route any traffic to a proxy. Nothing in the app references the setting, and dynamic analysis shows no traffic being sent to the proxy.
- This means people trying to stay safe by using this feature are in greater danger due to a false sense of security.

The bug report I reference below was closed instantly as not-a-bug.

RE: https://infosec.town/notes/9ky1hz9tcj5gf8va
In conversation2 years ago from infosec.townpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: media.infosec.town
  Taggart :donor: (@mttaggart)
  Actually took the time to submit a h1 report about the HTTP proxy thing. I can't understand why this isn't a bigger deal. It could get someone killed or imprisoned.

Public

Embed Notice

HTML Code

Corresponding Notice