Email or username:

Password:

Forgot your password?
Astrid (Certified Server Maid)'s posts Post Back to profile
Top-level
Dave Anderson

@astrid I'd be so curious to nerf all my permissions on everything and then hand it over to see what they try to do. Not going to though, because yeah, that's a trap. But I'm curious what the attack is.

29 March at 20:25 | Wall-to-wall | Open on hachyderm.io
7 comments
Astrid (Certified Server Maid)
@danderson yeah I'm gonna go and lead then on and see what they do
29 March at 20:26 | Open on fedi.astrid.tech
Dave Anderson

@astrid galaxy brain idea: make a burner github account that's a member of nixos, cncf and a bunch of other high value targets, wait for the email, then delete all the memberships and hand the account over to see what they try

29 March at 20:27 | Open on hachyderm.io
Raito Bezarius

@danderson @astrid though it's highly likely here they're here for the airdrop cryptocurrency money and are just scamming you out of shitcoins

30 March at 0:46 | Open on nixos.paris
Dave Anderson

@raito @astrid aww, boring. There's so much more you can do!

Then again given today's events maybe I shouldn't be demanding better attackers...

30 March at 0:47 | Open on hachyderm.io
Raito Bezarius

@danderson @astrid let's thank the gods of economical efficiency everyday

it doesn't seem like the chaotic attacker that could be so meticulous to target all distros and be stealthy as fucked has appeared *or* we didn't detect it

30 March at 0:57 | Open on nixos.paris
Dave Anderson

@raito @astrid yeah that's when the doom spiral starts. Either it hasn't happened, or it happened so well we're completely fucked and don't even know.

30 March at 1:06 | Open on hachyderm.io
Irenes (many)

@danderson @raito @astrid the way we see it, the primary exploit here was the social one (see details at [1]). this is absolutely what passes for stealth on that front.

[1] boehs.org/node/everything-i-kn

30 March at 1:08 | Open on mastodon.social
Go Up