this post was submitted on 10 Jul 2023
153 points (99.4% liked)

Fediverse

17698 readers
5 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
 

Lionir elected to prevent any potential data leaks by shutting down Beehaw until the issues lemmy.world and lemmy.blahaj.zone are identified and resolved

top 13 comments
sorted by: hot top controversial new old
[–] TheSaneWriter@lemm.ee 24 points 1 year ago (1 children)

For the best. Knowing that this hacking technique is a vulnerability with the Lemmy project as a whole, I think it's reasonable for instances to temporarily close while a fix is implemented.

[–] SwingingKoala@discuss.tchncs.de 6 points 1 year ago* (last edited 1 year ago) (1 children)
[–] neo@lemmy.comfysnug.space 4 points 1 year ago

There was a big discussion about it in the Admin Chat room on Matrix.

[–] db0@lemmy.dbzer0.com 15 points 1 year ago

Funnily enough, beehaw was the most protected from this vuln, as their more stringest application requirements made it unlikely the attacker got in. It also didn't affect lemmy.dbzer0.com even though our application form is much simpler than theirs.

[–] hoodlem@hoodlem.me 8 points 1 year ago (1 children)

I’m not on Beehaw, but it seems well run based on the decisions they make and who they let in.

[–] Quill7513@slrpnk.net 9 points 1 year ago

They're very consistent and predictable in a very good way. I understand the desire to have a more permissive instance at the cost of dealing with some trolls, but I think beehaw does an excellent job of delivering a community that takes the health and safety of the community at large seriously

[–] erre@feddit.win 7 points 1 year ago

Tough call, probably for the best. Hopefully it's resolved soon.

[–] samokosik@lemm.ee 7 points 1 year ago (2 children)

Does anyone have an article about the vulnerability itself?

[–] ulu_mulu@lemmy.world 4 points 1 year ago

They're not telling (rightfully so) and hopefully won't until all instances are fixed.

[–] spiderplant@infosec.pub 6 points 1 year ago

Smart move. I'm surprised more instances aren't doing this.

[–] Maebbie@lemmy.ml 3 points 1 year ago

now thats how you protest

[–] _haha_oh_wow_@sh.itjust.works 2 points 1 year ago

Attack vectors reduced to 0

load more comments
view more: next ›