Conversation

Notices

LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Saturday, 03-Dec-2022 22:25:49 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
Remote profile options...

https://k.lapy.link/notes/98bji8qbby

#Misskey security update. Someone created "instances" which trigger a denial of service in Misskey and possibly #Mastodon. From what I hear, #Pleroma is not vulnerable. #GNUsocial is likely also vulnerable.

We can expect a lot more of these kind of things now that the #Fediverse is getting attention.
Saturday, 03-Dec-2022 22:25:49 UTC from nu.federati.net permalink
Attachments
- LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Saturday, 03-Dec-2022 22:32:07 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
  Remote profile options...
  
  in reply to
  
  https://borg.social/notes/98bcoo2t1n Here's another thread about it. And one of the earliest reports I saw is here. https://freespeechextremist.com/objects/6478dde7-53c6-470f-b264-dc973b5b7855
  Saturday, 03-Dec-2022 22:32:07 UTC permalink
  Attachments
  1. Error showing notice: Invalid filename.
  2. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Sunday, 04-Dec-2022 16:22:39 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    Remote profile options...
    
    in reply to
    
    Tagging this thread with #Fediverse #Security ... whomever made the script obviously read some protocol docs and some source code. With just a little #JavaScript, they were able to knock some #Misskey and #Mastodon instances to their knees.
    
    This isn't the first, and it won't be the last. Remember when someone posted a humongous image and locked up any #GNUSocial instance that tried to download the image? Remember when someone's instance was replaced by some sort of cryptocurrency site and PuSH es from your site to theirs would crash your site because of their site's response? (I'll bet I still have that domain blocked at the firewall.)
    
    We have to stop being naive about the intentions of those in the current migration. The overwhelming majority will have benign, if not good, intentions. But a select few will have bad intentions. Among those intentions is to colonize the Fediverse with #Twitter's culture, to come here and impose that culture of anger and disrespect upon the inhabitants here ... which already happened once with the first wave of people joining #Mastodon instance, except it was Twitter and #Tumblr at that time.
    
    Sunday, 04-Dec-2022 16:22:39 UTC permalink
  3. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Sunday, 04-Dec-2022 16:24:29 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    Remote profile options...
    
    in reply to
    
    Alexandre Oliva
    Incidentally, @lxo was the first to clearly describe this behavior as "colonization". Previously, we'd seen it and decried it, but lacked the modern pejorative to describe it properly.
    
    Sunday, 04-Dec-2022 16:24:29 UTC permalink

Public

Notices