Follow

the attacker is opening github issues 😂

> I noticed in your blog post that you were talking about doing a postmortem and steps you need to take. As someone who is intimately familiar with your entire infrastructure, I thought I could help you out.
[then about ssh agent forwarding, and principle of least privilege]

matrix thing 

matrix thing, signing keys in prod 

matrix thing, lmao 

@CobaltVelvet I don't know, I hope they warned them before and they choose to ignore the problem. If it isn't the case, that's a kinda shitty thing to do.

@CobaltVelvet Sorry, I misread the situation at first. I though they disclosed actual harmful content for the end users.
It's actually super funny ^^.

@Sylvhem well they still can. these situations are hard to judge and can go from "absolute asshole" to "white hat" and back again in matter of minutes :p

@CobaltVelvet Yeah, but for now they did nothing.
I won't find that funny if they are actually hurting the people who used the service.

matrix thing, signing keys in prod 

matrix thing, re: lmao 

re: matrix thing, signing keys in prod 

re: matrix thing, signing keys in prod 

matrix thing 

lolhats 

lolhats 

@CobaltVelvet
THe com makes me think "What, people not well documented and not reading securiy warning? I'm choked (not)"

Sign in to participate in the conversation
Octodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!