HACKER Q&A
📣 CM30

Would Twitter's Failure Be a Security Risk?


Presumably if the service fails, the domain will eventually expire. If it does, then anyone can buy it out and host whatever they want there.

Doesn't that then mean the script used to embed tweets in articles and websites becomes a huge security issue and possible attack vector? Seems like a bad actor could then steal personal data from all manner of large news sites and other social media services, or just do whatever they want to the content or layout on the same.

Fortunately certain sites do avoid this by not using the embed (the BBC uses images, the Guardian uses a standard blockquote), but many others don't, and I suspect it'd be a mad rush to remove said script if anything like that happened.

Am I overthinking this, or is this a potential security nightmare that Musk's management could make more likely?
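
An added example, not part of the original post: one way a site owner could inventory the third-party script embeds this question is concerned with, so they can be swapped for a static blockquote or image. The sample HTML, the page URL and the `platform.twitter.com` script host are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page, not taken from any real site.
SAMPLE = """
<blockquote class="twitter-tweet"><p>quoted text</p></blockquote>
<script async src="//platform.twitter.com/widgets.js"></script>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://nottwitter.com/x.js"></script>
"""


def host_in_domain(host, domain):
    """True for the domain itself or a subdomain, but not 'nottwitter.com'."""
    return host == domain or host.endswith("." + domain)


class ScriptAudit(HTMLParser):
    """Collects every <script src=...> that loads from another host."""
    def __init__(self, page_url, watched_domain):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.watched = watched_domain
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag != "script" or not src:
            return  # not a script, or inline with no remote origin
        # urljoin resolves relative and protocol-relative (//host/x.js) URLs
        host = urlsplit(urljoin(self.page_url, src)).hostname
        if host is None or host == self.page_host:
            return  # same-origin script
        self.findings.append({"host": host, "sri": "integrity" in attrs,
                              "watched": host_in_domain(host, self.watched)})


def audit(html, page_url, watched_domain):
    parser = ScriptAudit(page_url, watched_domain)
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "https://news.example.org/story", "twitter.com"):
        print(finding)
```

A finding with `watched` true and `sri` false is a script the page runs exactly as that domain serves it, which is the dependency the question describes.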


  👤 night-rider Accepted Answer ✓
> if the service fails, the domain will eventually expire

I don't see that happening. The WHOIS record[0] says the domain is managed by CSC[1].

[0] https://who.is/whois/twitter.com

[1] https://www.cscdbs.com/


👤 Am4TIfIsER0ppos
So it is not a security risk if you believe Twitter to be benevolent? But it is if you think it is malevolent? JavaScript is already a privacy and security violation and 3rd-party embeds inflate it for every connection, so you shouldn't allow the RCE anyway.