Posts: 3 · Comments: 103 · Joined: 2 yr. ago

  • Concerns were posted a few days ago, but no POC that used the exact same attack as we saw here. Basically, there were some warnings, and work was underway that would have prevented this, but it was not done fast enough. There is a patch now that will take a while to roll out, plus a renewed focus on general and related issues.

  • Don't fall for it. They're also an admin on mastodon.world! :)

  • They defaced it with dicks and changed the federation list to be only threads.net. I don't think it was a state-sponsored Chinese hacking group. :)

  • I've been pondering trying to make one, but it's not going to be a cake-walk. The tool (that was a script) I wrote ruffled some feathers for its potential to destroy the lemmyverse. While I don't believe that could happen, I'm still interested in something easier and more integrated.

    The theory is simple and I am willing to take a stab at it, but there might be roadblocks trying to make or incorporate changes to the actual Lemmy code.

  • That is actually kind of fascinating and may be important info for someone doing a follow-up investigation. If that was the bad actor phishing for moderation access, why would they need that, when they already had an admin account? If it was legit, then it's super sus. Whoever this app developer was needs to have a little light shone on them.

  • You do you. I would tell my users I have no idea what's going on, and definitely not say "using your open tabs is probably fine."

  • That makes more sense.

  • I think this carrying on without providing more information is reckless. Does an actual admin from this instance really know what happened, or are you just taking a bunch of random commentary and speculation as gospel, then telling the users "we're good"?

  • So any comment or post?

  • We've changed our name to Israel. - The Admins.

  • True that. If you look at posts on lemmy.world though, it's clear their users (which is like 50% of Lemmy) have zero clue they're defederated ATM, and probably many that don't know it's compromised.

  • I didn't want to say it, because I wanted to believe :(

  • That's fair. I shouldn't have said "replace reddit."

  • mastodon.world seems okay, but who's to say where the silos are between that and lemmy.world.

  • TBF modern browsers are remarkably secure from being a vector to pwn your computer these days.

    EDIT: I don't endorse hanging out on a compromised lemmy.world. Focus on the implication for the bigger lemmyverse though. A hack coming through to you is unlikely.

  • All the bean memes are in danger! On a serious note, old-skool or not, it's a huge loss of trust in something the community-at-large is excited to see replace reddit.

  • I wouldn't assume reasons why or that it's fixed until that consensus has been more widely reached.