I'm pretty sure that's not even a calendly link. It comes from a calendly.oauth5.center domain.
If this is true, report it to Twitter. Their security team should know about this. There is nothing in the page that tells you this and that is a security hole. A big gaping security hole.
Good points, thank you.
Twitter Security is worthless and incompetent. Fraud and scams are like roaches over there. I used to report impersonation accounts but I’m pretty sure they’ll keep spawning regardless.
That's a different type of thing. This is an objective problem that is probably a violation of basic OWASP security tenets that are expected of all companies today.
Expected, or required and enforced? Asking to understand. If required, that would obviously provide us some leverage.
Expected afaik. But I might be wrong, it might not fit in the realm of OWASP, but it is a glaringly obvious security flaw that any respectable team would get onto fixing asap. It's a small change for large benefit. This is contrary to spam and fake account detection which requires constant monitoring and manual intervention because it is very easy to catch false positives and for people to work around when the problem is more subjective than objective.
I think a lot of fraud, spam, and scam account creation problems could be solved with requiring a small refundable deposit with every account type. Ideally Lightning. But sadly, they’ll probably never do that because all the bot accounts fluff their advertising “views”