If your instance is not up to date (see footer), you can pass this along to your admins to check

  • @[email protected]
    link
    fedilink
    English
    6510 months ago

    I wonder if the companies that forked mastodon (like truth social) will bother to update. I can see someone posting stuff as a former president with this flaw.

  • @NOT_RICK
    link
    English
    3710 months ago

    Is this mastodon specific or is it an activitypub flaw?

  • @Zak
    link
    English
    3110 months ago

    we think any amount of detail would make it very easy to come up with an exploit

    People who would create exploits for this definitely can’t read the diffs and see what changed.

    • @KazuyaDarklight
      link
      English
      26
      edit-2
      10 months ago

      Every barrier that slows down attacks a little is worth it when you are trying to buy time so people can apply emergency updates. It’s not about stopping them from ever figuring it out.

    • mozz
      link
      fedilink
      1110 months ago

      Depends on skill level and the exact nature of the flaw. There’s definitely going to be a nonzero number of malicious people who lie in the middle distance “I can come up with a way to exploit flaws if I have a detailed trail of breadcrumbs” and “I can’t be bothered to do an unlimited amount of work to track down how to do this, I have other malicious things on my schedule for today.”

  • @oDDmON
    link
    English
    1110 months ago

    That’s not good.

    • @A_A
      link
      English
      510 months ago

      That isn’t inversely not un_good, not.

  • @aciDC14
    link
    English
    810 months ago

    That’s bad.

  • BiggestBulb
    link
    fedilink
    510 months ago

    Welp. I’m glad Stux was already updating earlier. Honestly, Stux probably knew before just about everyone else

  • @hperrin
    link
    English
    410 months ago

    Thanks for the notice. My instance is now updated. :)