Good lord can people stop taking advantage of vulnerabilities on Matrix instead of reporting them responsibly

@maloki because exploiting deployments with real users is bad

@kevin yes, but do you know what happens when people report vulnerabilities? A lot of the time, nothing.

@maloki I mean, yes, but it's also morally and legally bad to actually exploit another system you don't own.

I could understand if they contacted Matrix, gave them some time (a week, maybe?) to reply, and then released the details publicly. But these recent hacks have been just that - hacks.

@kevin true. This didn't sound like a hack though, just a leak from an insider?

@maloki Yeah true, the latest one is less so. I was thinking more the actual hack into Matrix production infrastructure ~1 week ago, which (while it revealed some pretty damning security issues in their infra) seemed pretty ungood in terms of responsible disclosure.
