However, today I noticed they did take some action regarding this problem.
Strangely they now they have 2 different certificates in their live environment. One signed by VeriSign and one by RapidSSL/GeoTrust. Below you see both certificates compared:
One is valid for www.twitter.com and twitter.com. The other for twitter.com and [wildcard]*.twitter.com.
Here are their pastebin links:
Currently active: twitter.com / www.twitter.com - VeriSign valid from 7/7/2011
Currently backup: *.twitter.com / www.twitter.com - RapidSSL/GeoTrust valid from 7/17/2011
Just a few questions arise. Why the hack do u use at least 2 Certificate Authorities to sign your certificates? Why do we have 2 different certificates in a live environment?
Having multiple certificates for just one environment makes the probabilities of one getting compromised bigger. Secondly the new certificate presented shows it's already valid from the 17th of July 2011, how many more certificates do you have in stock?
Here are some facts about twitter and its certificate handling.
Twitter has requested certificates for these domains:
api.twitter.com -> VeriSign Class 3 Secure Server CA - G2 -> VeriSign
urls-real.api.twitter.com -> VeriSign Class 3 Secure Server CA - G3 -> VeriSign
pay.twitter.com -> VeriSign Class 3 Extended Validation SSL CA -> VeriSign
partnerdata.twttr.com -> DigiCert HA CA-3 -> DigiCert
dev.twitter.com -> VeriSign Class 3 Secure Server CA - G2 -> VeriSign
mobile.twitter.com -> VeriSign Class 3 Secure Server CA - G2 -> VeriSign
sms.twitter.com -> VeriSign Class 3 Secure Server CA - G2 -> VeriSign
support.twitter.com -> VeriSign Class 3 Secure Server CA - G3 -> VeriSign
upload.twitter.com -> VeriSign Class 3 Secure Server CA - G3 -> VeriSign
sms.twitter.com -> VeriSign Class 3 Secure Server CA - G2 -> VeriSign
stream.twitter.com -> VeriSign Class 3 Secure Server CA - G3 -> VeriSign
xstream.twitter.com -> VeriSign Class 3 Secure Server CA - G3 -> VeriSign
sitestream.twitter.com -> VeriSign Class 3 Secure Server CA - G3 -> VeriSign
userstream.twitter.com -> VeriSign Class 3 Secure Server CA - G2 -> VeriSign
t.co -> VeriSign Class 3 Secure Server CA - G2 -> VeriSign
twitter.com -> VeriSign Class 3 Extended Validation SSL CA -> VeriSign
But almost all of these can off course be replaced by this one:
*.twitter.com -> RapidSSL CA -> GeoTrust Global CA
Based on the above facts we can conclude twitter uses 3 Certificate Authorities to sign its certificates:
- VeriSign
- RapidSSL/GeoTrust
- DigiCert
Twitter is serving the *.twitter.com certificate already on 19 servers. And the old www.twitter.com on only 6 servers.
Whats going on dudes?!
Hi Everyone!
BeantwoordenVerwijderenWe have USA fresh & Verified SSN Leads with best connectivity score
All info checked & genuine
Info in LEADS
First Name | Last Name | SSN | Dob | DL Number |Address | State | City | Zip | Phone Number | Account Number | Bank NAME
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE & FRESH CC FULLZ ALSO AVAILABLE<==
->$5 PER EACH
LIMITED DATA AVAILABLE
->Hope for the long term deal
->Interested buyers contact me fast
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040