senooken JP Social
  • FAQ
  • Login
senooken JP Socialはsenookenの専用分散SNSです。

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. Jerry Bell :verified_paw: (jerry@infosec.exchange)'s status on Tuesday, 15-Nov-2022 23:56:03 JST Jerry Bell :verified_paw: Jerry Bell :verified_paw:

    This message for everyone on the fediverse:

    First, please ensure you go into your account settings and enable two/multi factor authentication. No, I mean do it right now. I’ll wait till you’re done.

    …

    …

    Ok, thank you.

    Now, if you are the admin of a mastodon instance, please go upgrade to 4.0.2 ASAP.

    Background: https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp

    In conversation Tuesday, 15-Nov-2022 23:56:03 JST from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: portswigger.net
      Stealing passwords from infosec Mastodon - without bypassing CSP
      The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    senooken JP Social is a social network, courtesy of senooken. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All senooken JP Social content and data are available under the Creative Commons Attribution 3.0 license.