troed

joined 2 years ago
[–] [email protected] 90 points 1 day ago (46 children)

It's a list from 2021 and as a cybersec researcher and Jellyfin user I didn't see anything that would make me say "do not expose Jellyfin to the Internet".

That's not to say there might be something not listed, or some exploit chain using parts of this list, but at least it's not something that has been abused over the last four years if so.

[–] [email protected] 2 points 1 day ago (1 children)

There is still server software out there that is going to be exposing people's private Mastodon posts.

You could've saved yourself a lot of typing there by just admitting to claiming things you actually didn't know.

[–] [email protected] 2 points 1 day ago (3 children)

If you know of other ActivityPub servers that expose private posts the same way I suggest you make a responsible disclosure to the developers.

I don't know of any, but you claim they exist so ...

[–] [email protected] 2 points 1 day ago (1 children)

You have absolutely no idea what "responsible" in "responsible disclosure" means :) It's completely irrelevant how Mastodon has implemented private posts when it comes to how Dansup handled the issue, knowing what the effects were.

You don't, when told of a vulnerability, handle it in a way that causes harm if it can be avoided.

[–] [email protected] 2 points 1 day ago (3 children)

Read more, post less. I've said nothing about any spec violation. That's not relevant.

[–] [email protected] 2 points 1 day ago (5 children)

hahahahaha

Watch and try again ;) I post under my real name.

https://www.cve.org/CVERecord?id=CVE-2024-44754

https://www.youtube.com/watch?v=ZbKLAjPYOEg

Feel free to post less and read more.

[–] [email protected] 5 points 1 day ago (7 children)

It has everything to do with ActivityPub since if you follow that protocol strictly you will cause this behavior. It still doesn't change that Dansup was told that this caused Bad Things(tm) and yet he didn't follow normal procedure in how you handle it.

Vulnerabilities don't need to be buffer overflows.

/cybersec researcher

[–] [email protected] 9 points 1 day ago (18 children)

Regardless whether you want to pretend that not caring about Mastodon is a valid defense when implementing software using the ActivityPub protocol, that still doesn't change anything regarding how Dansup handled the disclosure of the effects it had.

[–] [email protected] 1 points 2 days ago

As I wrote, at the time the MEPs in question believed this to be fully legal. I do not know any MEPs personally today.

[–] [email protected] 4 points 2 days ago (3 children)

Is it correct that the crime Le Pen was convicted of was hiring assistants to her parliament office who in reality were working for the national political party?

I've seen this claimed and if true I hope that a lot of people were convicted, not just her. Because I know for a fact that this exact setup has been used by other MEPs. At the time they believed it to be fully legal.

I'm happy she got convicted, but I don't want this to have in any way been politically targeted, because that opens up a shitload of worm cans.

[–] [email protected] 15 points 2 days ago (1 children)

If you have a garden, plant flowers instead of keeping a boring grass lawn.


74% of Ukrainians support fighting Russia even without U.S. assistance. A significant majority—59% of respondents—also believe that Ukraine can defeat Russia on the battlefield.

only 6% of respondents said they were willing to make territorial concessions regarding areas occupied by Russia after the full-scale invasion in 2022

Additionally, 70% of respondents are against lowering the mobilization age,

Original article is paywalled, quotes from https://ukrainetoday.org/74-of-ukrainians-ready-to-resist-russia-without-u-s-aid-support-zelenskyys-actions/


We're consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit

Please tell us that you're not moving away from Lemmy/Mbin too. There's a gigantic tonedeafness to asking your supporters to use centralized social media at this specific time that's hard to accept you're not realizing.

(quote from Proton's mastodon.social account info - there wasn't even a post made about it)


Swedish author and famous pro-Ukraine blogger Lars Wilderäng (Cornucopia) reports today that the Swedish security expert Karl Emil Nikka has revealed that Kagi is using the Kremlin propaganda tool Yandex as a backend for searches.

Wilderäng speculates this might mean search terms are leaking to Russia, while others worry about how Kremlin thus can get their talking points into western search results.

Security expert Karl Emil Nikka tells us that the search engine Kagi, popular among tech geeks, uses Russian Yandex, which was introduced after the full-scale invasion. This, of course, gives Russia the opportunity to look at what is searched for via Kagi.

Link (in Swedish), see 11:22 update: https://cornucopia.se/2024/10/uppdateras-ryssland-medger-bruk-av-c-stridsmedel-mot-ukraina-rysk-pilot-som-mordade-68-ukrainare-ihjalslagen-med-hammare-bland-de-allra-storsta-ryska-forlusterna-under-kriget-igar/
