Our blog

Wild Abandon with Perfect Precision

While agency life will often demand a fast-paced working style, sometimes it's important to set aside a few more minutes to prevent typos and ensure a stronger finished product.

Morgan Hughley

When Likes Disappear

While eliminating the Like feature on social media may be a step in the right direction for everyday individual use, companies will now need to reevaluate their social media marketing plans.

Morgan Hughley

Boston Conferences Every Marketer Needs to Attend

When immersed in client work and glued to a desk for long periods of time, it’s possible to become stuck in a pattern of delivering projects that may meet client expectations, but lack the true innovation needed to push the work to the next level. Sometimes it’s not only beneficial to step away from the office for a moment but absolutely necessary in order to refresh the mind and deliver better ideas. Conferences and tradeshows are great opportunities to leave your desk for a few days while still remaining engaged with the marketing world.

Morgan Hughley

The Multitasking Myth (Part One)

I can’t multitask. Well… neither can you.

Dan Zarzycki

Access Your Data Archive

It’s no surprise that the real conglomerate of our personal data is Google. But did you know you can download the data archive? Learn how to access your data.

Morgan Hughley

Influence the Right Way

Companies are relying more and more on influencers to spearhead conversations with their audiences in order to spark interest in their brands. However, in order for an influencer marketing campaign to be successful, it has to be planned out correctly.

Morgan Hughley

How to Go Off the Grid for Two Weeks. For Real.

In modern agency life, it seems impossible to take a vacation without taking work with you, but it can be done. Here’s how I did it.

Meghan Gardner

Flexbox

As a back-end developer, it can be hard to style a web page. CSS is not very intuitive and around every corner there’s a “gotcha.” Flexbox is a fairly new CSS technology that once mastered, can be much easier to use.

Dan Sudenfield

How to (Successfully) Lead Your First Tech Meetup

There are a number of reasons you might want to start a technology meetup. In order to narrow the focus a bit, we’re going to approach this from the standpoint that you work for (or run) a company that is interested in the idea of hosting a meetup.

Brendan Butts

How Do You Fix a $75,000 Mistake?

As a new marketing manager for a practice group within a consulting firm, I had a lot to learn. And a few of those things, I had to learn the hard way, like making an error that cost the company many tens of thousands of dollars.

Meghan Gardner

Stumbling Upon a Twitter Vulnerability

Reading privacy policies on websites and other legal documents are important. I have read Twitter privacy policy before but I wanted to make sure nothing had changed. GDPR was coming and seeing how they structured their page and spelled out the details seemed interesting. Starting on help.twitter.com, I went right to the footer. Mouse over the Privacy link and NO click. It looked funny.

Twitter linked their Privacy and Terms and Conditions to a domain that looks like twitter.com but was actually twittier.com. Most people would say, oh, fat finger. Typo. However, I held my breath.

If you were to go to the frontpage of help.twitter.com you would have seen the proper https://twitter.com/privacy URL. But on https://help.twitter.com/form it was https://twittier.com/privacy. There were a few other pages where I found the same behavior.

What is the big deal?

Twittier.com looks a lot like Twitter.com. You see a lot of this in email domain spoofing attacks. The idea is a bad actor buys a domain very similar to the legit domain and then fools a user to click on a link. If a user is not careful, the bad domain may be designed to look exactly like the reputable domain. The deceitful site may ask you to login, therefore, you would be giving your login username and password directly to the enemy. And potentially malicious software (malware) could be put on your computer. The fact that Twitter could be linking to a possible bad domain seemed worrisome. Even if the bad domain was owned by a good person who didn't plan on doing anything evil, they could be victim of attackers going after their login credentials.

It could be bad BUT only if Twitter didn't own the domain.

The domain had privacy protection enabled so there was no way to know right away. Looking at the Name Servers and Registrar, they were both different from Twitter.com. That doesn't mean it is not owned by Twitter–but it was time to find out.

According to the Twitter security team, they do own the domain. Wonderful. I can imagine they sit on lots of variations of their domain, which is sad, but necessary.

Twitter acknowledged the issue and was quick to fix it.

navigate_before navigate_next
Home Approach Focus Case Studies People Careers Blog Contact