I wonder if the companies that forked mastodon (like truth social) will bother to update. I can see someone posting stuff as a former president with this flaw.

[–] [email protected] 92 points 1 year ago

[–] [email protected] 25 points 1 year ago (1 children)

Eh, stuff like truth social doesn't federate with anything anyway, so unfortunately this isn't a vulnerability for them.

[–] [email protected] 10 points 1 year ago (1 children)

Has it been confirmed this is a federation bug?

[–] NOT_RICK 37 points 1 year ago (1 children)

Is this mastodon specific or is it an activitypub flaw?

[–] Zak 31 points 1 year ago (3 children)

we think any amount of detail would make it very easy to come up with an exploit

People who would create exploits for this definitely can't read the diffs and see what changed.

[–] KazuyaDarklight 26 points 1 year ago* (last edited 1 year ago)

Every barrier that slows down attacks a little is worth it when you are trying to buy time so people can apply emergency updates. It's not about stopping them from ever figuring it out.

[–] [email protected] 11 points 1 year ago

Depends on skill level and the exact nature of the flaw. There's definitely going to be a nonzero number of malicious people who lie in the middle distance "I can come up with a way to exploit flaws if I have a detailed trail of breadcrumbs" and "I can't be bothered to do an unlimited amount of work to track down how to do this, I have other malicious things on my schedule for today."

[–] aeharding 13 points 1 year ago

😬

[–] oDDmON 11 points 1 year ago (1 children)

That’s not good.

[–] A_A 5 points 1 year ago

That isn't inversely not un_good, not.

[–] aciDC14 8 points 1 year ago

That’s bad.

[–] [email protected] 5 points 1 year ago

Welp. I'm glad Stux was already updating earlier. Honestly, Stux probably knew before just about everyone else

[–] hperrin 4 points 1 year ago

Thanks for the notice. My instance is now updated. :)