the attacker is opening github issues 😂

> I noticed in your blog post that you were talking about doing a postmortem and steps you need to take. As someone who is intimately familiar with your entire infrastructure, I thought I could help you out.
[then about ssh agent forwarding, and principle of least privilege]

matrix thing 

matrix thing, signing keys in prod 

matrix thing, lmao 

@CobaltVelvet I don't know, I hope they warned them before and they chose to ignore the problem. If it isn't the case, that's a kinda shitty thing to do.

@CobaltVelvet Sorry, I misread the situation at first. I thought they disclosed actual harmful content for the end users.
It's actually super funny ^^.

@Sylvhem well they still can. these situations are hard to judge and can go from "absolute asshole" to "white hat" and back again in a matter of minutes :p

@CobaltVelvet Yeah, but for now they did nothing.
I won't find that funny if they are actually hurting the people who used the service.

lolhats 

@CobaltVelvet
The com makes me think "What, people not well documented and not reading security warning? I'm choked (not)"

@CobaltVelvet
What's Flywheel in this context? All I can find is a taxi app and a building management app. :blobconfused:

@Jo @hirnbrot "Agent flywheel (OS X Build Slave)" from their (now down) wiki
