erre

joined 1 year ago
[–] erre@feddit.win 1 points 1 year ago (1 children)

The one reserved for residential usage is home.arpa.

https://www.rfc-editor.org/rfc/rfc8375.html

[–] erre@feddit.win 4 points 1 year ago

Oops indeed. Lemmy needs a security audit 😬

[–] erre@feddit.win 9 points 1 year ago

Looks like lemmy.blahaj.zone is back

https://lemmy.blahaj.zone/post/766402

[–] erre@feddit.win 13 points 1 year ago* (last edited 1 year ago) (4 children)

I'd wager you're likely fine if you're using a mobile app when the affected image loads. Also, it appears they're stealing auth tokens.. not passwords or anything. At worst they could impersonate you until your token expires.. but you're not a high value target unless you're an admin of an instance.

[–] erre@feddit.win 26 points 1 year ago

What kind of terrible markdown editor allows adding onload scripts to images though.. it's insane.

[–] erre@feddit.win 16 points 1 year ago* (last edited 1 year ago) (6 children)

If it's onload then simply viewing the image runs that script. Yikes.

[–] erre@feddit.win 7 points 1 year ago

Tough call, probably for the best. Hopefully it's resolved soon.

[–] erre@feddit.win 9 points 1 year ago
[–] erre@feddit.win 4 points 1 year ago

The sophistication is impressive, using emojis. Are people getting paid to find the vulnerabilities or are they just bored??

[–] erre@feddit.win 18 points 1 year ago

Connect is ridiculously stable and feature-complete for how new it is. Definitely deserves to be mentioned.

[–] erre@feddit.win 1 points 1 year ago

I'm pretty sure that error indicates nginx isn't receiving a response from the upstream server (Lemmy and Lemmy-UI). So, either your upstream server isn't responding to requests or nginx is misconfigured with the wrong upstream server 🤔

 

Thought this might be an interesting read for some.

view more: next ›