/c/café daily chat thread for 10 July 2023
(self.cafe)
Welcome to our virtual third place, The Café.
Come on in and make a new human connection over a cup of coffee (or Teh Tarik). This is a casual community, do whatever you want, share your oyen pics, your frustrations, and even organize a weekend picnic with the community. The world is your oyster.
Rules are simple, be kind and civil with each other. As with any other café, rude patrons will be kicked out.
Shit, lemmy world got hacked, clicking on that Israel will lead you to an explicit picture of a bunch of naked old men sucking each other, and also pop-ups lead to a porn site.
Avoid at all costs.
Thanks Zen, you're a lifesaver. Brb pressing the emergency button
Resurgence? Rickroll never dies.
like we're ever going to give it up
is it the lemon party picture?...........feels old.
welcome to pre-rickroll internet.
Ahh, that's what it's called, no wonder it's somehow familiar.
Merely open the dm? Or do we have to click the link for it to happen?
Alright, got it. Thanks!
damn, i feel like we can check off one success criterion: suddenly so attractive for hacks.
https://github.com/LemmyNet/lemmy-ui/issues/1895 has more information on mitigations, which may not be necessary if no custom emojis were added.
it also has something for invalidating all JSON web tokens by changing the signing key (all users will need to re-login after doing that), which may be necessary depending on whether the tech team believes any of them (especially any of the admins') have been compromised (there is currently no expiry date on the tokens).
#lemmyworldhacked #fediversedrama
Thanks, i'm giving it a read but i'm not coding literate so may need some time to parse 😂
I also found this lemmy moderation tool (seems to be by the same dev as lemmyverse.net), which the tech team may want to take a look at to see if it's comparable to what you all had on reddit…at least after the security issue thing blows over.
#redditmigration
The team are currently working on the bot though, but thanks for the suggestion 😁
(URGENT) Lemmy has an XSS vulnerability in the tagline
Goddammit. The fediverse drama continues.
Btw admins it's best that we defederate for the time being.
https://kbin.social/m/android@lemdro.id/t/168524/Lemmy-world-and-another-instance-have-been-compromised#entry-comment-661712
The linked comment suggests that the entire Lemmy platform is currently vulnerable to the cookie stealing exploit that already happened to several instances.
Now, if only we had automod that could detect code injection in markdown links and tempban offenders...