TheSaneWriter

joined 1 year ago
[–] TheSaneWriter@lemm.ee 2 points 1 year ago

As much as any other app I've seen, but I would still recommend using unique credentials for Lemmy.

[–] TheSaneWriter@lemm.ee 3 points 1 year ago

I'll make sure to let you know if I see it anywhere.

[–] TheSaneWriter@lemm.ee 1 points 1 year ago (1 children)

All of the apps have you enter your credentials into their page because Lemmy doesn't support OAuth2. I don't think it's fair to criticize Voyager for a problem that is currently inherent to all Lemmy apps.

[–] TheSaneWriter@lemm.ee 2 points 1 year ago

You're correct, but by maintaining distinct passwords with a password manager you make sure only the one account is compromised. 2FA also helps: you may have the username and password, but the 2FA code that you were given needs to be used immediately or else it will expire, and an expired 2FA code won't allow you to successfully breach the account you're trying to break into.

[–] TheSaneWriter@lemm.ee 1 points 1 year ago

That's fair, but sometimes a malicious actor will attempt to covertly contribute code that introduces a security vulnerability.

[–] TheSaneWriter@lemm.ee 6 points 1 year ago

Indeed, this is a real weak spot with Lemmy's security. I honestly think we need to place more emphasis on implementing OAuth2; when I have the time I'll have to take a look at that again to see if I'm able to.

[–] TheSaneWriter@lemm.ee 4 points 1 year ago

The past few hours, it was recent.

[–] TheSaneWriter@lemm.ee 24 points 1 year ago (2 children)

For the best. Knowing that this hacking technique is a vulnerability with the Lemmy project as a whole, I think it's reasonable for instances to temporarily close while a fix is implemented.

[–] TheSaneWriter@lemm.ee 28 points 1 year ago (6 children)

Deeply unfortunate that something like this could happen; you always hope that code injection vulnerabilities are found before someone is hacked. With that in mind, this shows the importance of two security principles: always parse and clean user input, and don't click links (including images) before checking where they are going to send you.

[–] TheSaneWriter@lemm.ee 2 points 1 year ago

It's no problem! I really like helping build new communities, and I was having a really good time participating on VLemmy. I'll continue participating using lemm.ee and continue enjoying the platform and community, but I really hope that VLemmy comes back because I was happy with what we were building there.

[–] TheSaneWriter@lemm.ee 3 points 1 year ago (2 children)

I was not on the Admin team. I did moderate the Chat community and I was active in Support, but I wasn't technically an admin. I had applied to be an admin, as pyarra the day before yesterday put out a post asking for admin applications, but then the server died and I'm not sure what happened.
