spiderplant

joined 1 year ago
[–] spiderplant@infosec.pub 7 points 1 year ago* (last edited 1 year ago) (6 children)

I keep seeing Vlemmy mentioned but I guess I missed the drama. Did the server admin unexpectedly shut the server down?

[–] spiderplant@infosec.pub 7 points 1 year ago

Smart move. I'm surprised more instances aren't doing this.

[–] spiderplant@infosec.pub 4 points 1 year ago* (last edited 1 year ago) (1 children)

FWIW, right now it seems unlikely that your password was accessible to anyone. Your login cookie may have been taken if you accessed Lemmy on a web browser (apps are likely fine), so you would want to clear your Lemmy cookies and cache once this is over.

But I'm speculating, and changing your password will definitely help!

[–] spiderplant@infosec.pub 8 points 1 year ago

This seems to be a front-end JavaScript exploit, so there's a good chance that this is a Lemmy problem, not a Lemmy[dot]world problem. Don't be surprised if the issue starts spreading to other instances.

If I were running a server, I would take it offline until a patch is released (Beehaw did this, to be proactive).

[–] spiderplant@infosec.pub 2 points 1 year ago

This was a great overview. I hadn't heard about the DAN method, and it's fascinating!

[–] spiderplant@infosec.pub 4 points 1 year ago* (last edited 1 year ago)

I'm shocked this isn't replacing the original Series S at $300.