[HTTPS-Everywhere] Stupid Perl Tricks: ssl_check2.pl

Whizz Mo https at whizzmo.com
Wed Nov 10 19:04:15 PST 2010


Yes, the setup that Twitter runs is beyond my script's recognition
abilities.  I suppose that I could put in IP range matching logic to check
if the hostname resolves to something in Amazon's cloud, but I don't really
want to maintain an IP range list over time.  I'm hoping that the current
output (with the partial string display) is enough to point people in the
right direction.

On Wed, Nov 10, 2010 at 6:23 PM, Seth David Schoen <schoen at eff.org> wrote:

> Whizz Mo writes:
>
> >         Here are 80 bytes from both strings, starting at offset 1732:
> >                 http:    ref="http://a1.twimg.com/a/1289433550/images/twitter_57.png" rel="apple-touch-ic
> >                 https:  ref="https://s3.amazonaws.com/twitter_production/a/1289433550/images/twitter_57.
> >
> > Note that the starting byte of each listed string is 10 chars before the
> > variance occurs.   For sites with rotating ad banners, this may be an
> > issue.
>
> This particular discrepancy is actually an HTTP/HTTPS issue; these
> hosts are both Amazon S3 but the latter is the HTTPS name for the
> same resource.  For this particular image -- unlike many others --
> Twitter realized that it should generate the HTTPS name for the
> image resource in order to avoid a mixed-content warning.
>
> --
> Seth Schoen
> Senior Staff Technologist                         schoen at eff.org
> Electronic Frontier Foundation                    https://www.eff.org/
> 454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107
>
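
The comparison discussed in this thread, as an added example (not code from ssl_check2.pl or from either poster): find the first variance between the HTTP and HTTPS bodies, print 80 bytes starting 10 before it, and flag the case where the variance falls inside a resource URL whose path is unchanged. The function names, the path-suffix heuristic and the sample bodies are assumptions constructed for illustration.

```perl
use strict; use warnings;

# Offset of the first differing byte, or -1 when the bodies are identical.
sub first_variance {
    my ($x, $y) = @_;
    return -1 if $x eq $y;
    my $n = length($x) < length($y) ? length($x) : length($y);
    for my $i (0 .. $n - 1) {
        return $i if substr($x, $i, 1) ne substr($y, $i, 1);
    }
    return $n;    # one body is a prefix of the other
}

# Up to $len bytes of $s, starting $lead bytes before offset $off.
sub window {
    my ($s, $off, $lead, $len) = @_;
    my $start = $off > $lead ? $off - $lead : 0;
    return substr($s, $start, $len);
}

# The http(s) URL in $s that covers offset $off, if there is one.
sub url_at {
    my ($s, $off) = @_;
    while ($s =~ m{(https?://[^\s"'<>]+)}g) {
        return $1 if $-[1] <= $off && $off < $+[1];
    }
    return;
}

# Assumed heuristic: same resource if one URL path ends with the other.
sub classify {
    my ($http_body, $https_body) = @_;
    my $off = first_variance($http_body, $https_body);
    return 'identical' if $off < 0;
    my $u1 = url_at($http_body,  $off);
    my $u2 = url_at($https_body, $off);
    return 'content differs' unless defined $u1 && defined $u2;
    my ($p1) = $u1 =~ m{^https?://[^/]+(/.*)$};
    my ($p2) = $u2 =~ m{^https?://[^/]+(/.*)$};
    return 'content differs' unless defined $p1 && defined $p2;
    return 'different resource' unless $p2 =~ /\Q$p1\E\z/ || $p1 =~ /\Q$p2\E\z/;
    return 'same resource path, URL rewritten';
}
# Constructed sample bodies (not real Twitter responses).
my $http  = '<link href="http://img.example.com/a/1/images/logo.png" rel="icon">';
my $https = '<link href="https://cdn.example.net/bucket/a/1/images/logo.png" rel="icon">';
my $off   = first_variance($http, $https);
printf "offset %d\n  http:  %s\n  https: %s\n  verdict: %s\n", $off,
    window($http, $off, 10, 80), window($https, $off, 10, 80), classify($http, $https);
```

Only the first variance is classified, so a page that differs again later (rotating ad banners, for instance) still needs the remaining bytes compared.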