derek

@Gargron Did you see this? Some people are discussing if this is a problem with OG mastodon or if gab added it. Perhaps put out a statement?

https://kubeworm.github.io/gab.html

6 comments
Eugen Rochko

@derek Where are people discussing it? No API like this exists in Mastodon, that is the most obvious vulnerability I have ever seen

Eugen Rochko

@derek They're also using Net::HTTP with no configured timeout as well, as far as I can see, so you can easily DoS them by submitting a lot of requests to deliberately slow URLs

Or fill their server's RAM by making requests to gigantic files

Which is bizarre because if they'd just used our own Request class like everywhere else in actual Mastodon code, they'd be protected against all those things
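As an added illustration of the mitigation side of the comment above (not part of the original thread, and not code from Mastodon or Gab): a server-side fetch with Net::HTTP that is bounded in both time and size. The names `bounded_fetch` and `FetchLimitError` and all limit values are hypothetical choices for this example.

```ruby
require 'net/http'
require 'uri'

# Hypothetical limits for this example; tune them for the deployment.
MAX_BODY_BYTES = 1024 * 1024 # 1 MiB cap on what is buffered in RAM
OPEN_TIMEOUT   = 5           # seconds to establish the connection
READ_TIMEOUT   = 5           # seconds allowed for each socket read
TOTAL_DEADLINE = 15          # seconds allowed for the whole transfer

class FetchLimitError < StandardError; end

def monotonic_now
  Process.clock_gettime(Process::CLOCK_MONOTONIC)
end

# GET url, streaming the body and aborting as soon as a budget is exceeded.
def bounded_fetch(url, max_bytes: MAX_BODY_BYTES, read_timeout: READ_TIMEOUT,
                  deadline: TOTAL_DEADLINE)
  uri = URI(url)
  started = monotonic_now
  body = String.new
  # Third argument nil: connect directly instead of honouring http_proxy.
  Net::HTTP.start(uri.host, uri.port, nil, use_ssl: uri.scheme == 'https',
                  open_timeout: OPEN_TIMEOUT, read_timeout: read_timeout) do |http|
    http.max_retries = 0 # a retried GET would double the time budget
    http.request(Net::HTTP::Get.new(uri)) do |res|
      # Reject early when the server declares an oversized body.
      declared = res['Content-Length']
      raise FetchLimitError, 'declared body too large' if declared && declared.to_i > max_bytes

      # Content-Length can be absent or wrong, so count bytes while streaming.
      res.read_body do |chunk|
        body << chunk
        raise FetchLimitError, 'body too large' if body.bytesize > max_bytes
        # Per-read timeouts do not stop a slow drip; enforce a total deadline.
        raise FetchLimitError, 'deadline exceeded' if monotonic_now - started > deadline
      end
    end
  end
  body
rescue Net::OpenTimeout, Net::ReadTimeout => e
  raise FetchLimitError, "timeout: #{e.class}"
end
```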

derek

@Gargron No telling with those guys honestly. I have seen them do and say some crazy, dishonest things. Their biz model is victimhood so when everything is going smoothly and no drama, donations drop.

Their newest scam is they are using real accounts to like posts of big name e-celebs to make the celebs excited. Many people are complaining when they see likes on posts they would have never liked.

derek

@Gargron Yeah, that was all part of the current ongoing hack related to the page I sent. They were spamming crypto pumps from all the blue checkmark accounts on gab. I’m sure there are many more vulnerabilities currently being exploited. Eventually someone is going to publish private posts, emails, etc. Probably just collecting data until the right time. Also, heard rumors that an ex-employee is dumping some private emails. What a trash fire.

Also, Gab’s Twitter account is not deleted or suspended. Torba routinely turns it off to avoid questions.


Eugen Rochko

@derek Let's just say I am not aware of them ever porting a security fix from us since the time they forked
