hawkwind @ hawkwind @lemmy.management Posts 6Comments 181Joined 2 yr. ago
When Palo Alto sells your dipshit CIO one firewall appliance per virtual server. βSomehow. Someway,β says the salesperson, βweβre gonna get even more firewalls in here!β
And now the ENTIRE INSTANCE for lululemon, whoβs bot posts 1000 times a minute.
If the only criteria to be in a private channel for admins is being an admin, thereβs no use making it private. ;) Unless your just looking to filter out bad actors who donβt want to take 5 min and 5$ to make an instance.
FYI for anyone looking to deface more instances, That list is only updated every 24 hours. Depending on when it last run on your home instance, the info could be out of date.
Out of curiosity, where would the regulators go for a case like this? There's no "company" running it per. se.
Concerns were posted a few days ago, but no POC that used the exact same attack as we saw here. Basically, there were some warnings, and work was underway that would have prevented this, but it was not done fast enough. There is a patch now, that will take a while to roll out, plus a renewed focus on general and related issues.
Don't fall for it. They're also an admin on mastodon.world! :)
They defaced it with dicks and changed the federation list to be only threads.net. I don't think it was a state sponsored chinese hacking group. :)
You're not misunderstanding. They just solve more than one issue, and create a few too.
That's a personal preference though. You don't have a need for a relay. There are more than a few people who want to run their own instance and at least browse all the things without having to subscribe to them. This is a news aggregator at the core after all.
I've been pondering trying to make one, but it's not going to be a cake-walk. The tool (that was a script) I wrote ruffled some feathers for it's potential to destroy the lemmyverse. While I don't believe that could happen. I'm still interested in something easier and more integrated.
The theory is simple and I am willing to take a stab at it, but there might be road blocks trying to make or incorporate changes to the actual lemmy code.
That, is actually kind of fascinating and may be important info for someone doing a follow-up investigation. If that was the bad actor phishing for moderation access, why would they need that, when they already had an admin account? If it was legit, then it's super sus. whoever this app developer was needs to have a little light shone on them.
TBF, at least you're doing something.
I was trying to by funny. :(
You do you. I would tell my users I have no idea what's going on, and definitely not say "using your open tabs is probably fine."
I think this carrying on without providing more information is reckless. Does an actual admin from this instance really know what happened or are you just taking a bunch of random commentary and speculation as gospel then telling the users "we're good."
Permanently Deleted
So any comment or post?
We've changed our name to Israel. - The Admins.
True that. If you look at posts on lemmy.world though, it's clear their users (which is like 50% of Lemmy) have zero clue they're defederated ATM, and probably many that don't know it's compromised.
It's unresolved.