Conversation
Notices
-
Moon (moon@shitposter.club)'s status on Friday, 26-May-2023 03:53:50 JST 
Moon
what's going on with poa.st - repeated this.
-
Your New Kemono Waifu :verified: :cornbread_the_cat: (sjw@bae.st)'s status on Friday, 26-May-2023 03:53:49 JST 
Your New Kemono Waifu :verified: :cornbread_the_cat:
@Moon
https://alogs.space/cow/res/209571.html likes this. -
(mint@ryona.agency)'s status on Friday, 26-May-2023 03:54:23 JST 
@sjw @Moon Oh boy oh boy. -
cool_boy_mew (coolboymew@shitposter.club)'s status on Friday, 26-May-2023 03:56:14 JST 
cool_boy_mew
@Moon huh? What happened? -
cool_boy_mew (coolboymew@shitposter.club)'s status on Friday, 26-May-2023 03:57:35 JST
cool_boy_mew
@Moon yeah, just read
https://shitposter.club/notice/AW1QdO3ruSqTApQ8ES -
Moon (moon@shitposter.club)'s status on Friday, 26-May-2023 03:57:36 JST
Moon
@coolboymew got hacked, no specifics. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 26-May-2023 03:57:55 JST 
Disinformation Purveyor :verified_think:
@realcaseyrollins @Moon someone managed to gain control of graf's account for some amount of time. It is suspected that the attacker gained access to an oauth token although I don't know the details on how they obtained it. -
realcaseyrollins (realcaseyrollins@social.teci.world)'s status on Friday, 26-May-2023 03:57:56 JST 
realcaseyrollins
Is it down?
-
Token (coin@asimon.org)'s status on Friday, 26-May-2023 04:00:42 JST 
Token
@Moon e-mails and DMs leaked like chudbuds -
Moon (moon@shitposter.club)'s status on Friday, 26-May-2023 04:01:21 JST
Moon
@i @Kagekokoro I don't know how they could pivot from an admin token to a full database dump. Disinformation Purveyor :verified_think: likes this. -
:blank: (i@declin.eu)'s status on Friday, 26-May-2023 04:01:22 JST 
:blank:
@Kagekokoro @Moon they might have stolen the Admin-Token cookie some way, my guess is oembeds being fucky, as moon knows and had to disable them to stop tracking -
:nintendo_switch: Cyrus :nintendo_switch: (kagekokoro@bae.st)'s status on Friday, 26-May-2023 04:01:23 JST 
:nintendo_switch: Cyrus :nintendo_switch:
@i @Moon how does an oath attack even work? -
:blank: (i@declin.eu)'s status on Friday, 26-May-2023 04:01:24 JST
:blank:
@Moon dms/emails leak via oauth attack, the usual -
Himbo Techbro (r000t@ligma.pro)'s status on Friday, 26-May-2023 04:05:10 JST 
Himbo Techbro
@Moon @coolboymew Proper incident response would be to physically disconnect machines from the network and image them
cool_boy_mew likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 26-May-2023 04:07:22 JST
Disinformation Purveyor :verified_think:
@realcaseyrollins @Moon yeah I don't know the extent of the compromise, but I wouldn't want to be dealing with it. -
realcaseyrollins (realcaseyrollins@social.teci.world)'s status on Friday, 26-May-2023 04:07:23 JST
realcaseyrollins
@thatguyoverthere @Moon Dang…I don’t even like #Poast but that sucks…
-
:apa: スプリットショックウイルス † (splitshockvirus@mstdn.starnix.network)'s status on Friday, 26-May-2023 04:11:28 JST 
:apa: スプリットショックウイルス †
That would imply people on this network actually knew cyber security. And I have not met a single competent user in this regard.
cool_boy_mew likes this. -
¢нαяℓιє яσσт (charlie_root@annihilation.social)'s status on Friday, 26-May-2023 04:14:40 JST 
¢нαяℓιє яσσт
@splitshockvirus @r000t @Moon @coolboymew
Im pretty sure graf know more than most of us.cool_boy_mew likes this. -
Ademan (ademan@thebag.social)'s status on Friday, 26-May-2023 04:14:45 JST 
Ademan
I resemble that remark
cool_boy_mew likes this. -
Santa Noodle ☦️ (bowsacnoodle@poa.st)'s status on Friday, 26-May-2023 04:20:32 JST 
Santa Noodle ☦️
@thatguyoverthere @Moon @realcaseyrollins That's what appears to have happened. Sucks but this is why you use opsec when shitposting. Disinformation Purveyor :verified_think: likes this. -
Moon (moon@shitposter.club)'s status on Friday, 26-May-2023 04:23:35 JST
Moon
@BowsacNoodle @thatguyoverthere @realcaseyrollins they didn't get nailed by a minecraft mod did they Disinformation Purveyor :verified_think: likes this. -
mothball蛾玉 (和文化研究部) (moth_ball@shitposter.club)'s status on Friday, 26-May-2023 04:34:46 JST 
mothball蛾玉 (和文化研究部)
@Moon @coolboymew cool_boy_mew likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 26-May-2023 04:35:59 JST
Disinformation Purveyor :verified_think:
@BowsacNoodle @Moon @realcaseyrollins how much data can you actually exfiltrate with just an admin auth token? -
Santa Noodle ☦️ (bowsacnoodle@poa.st)'s status on Friday, 26-May-2023 04:36:00 JST
Santa Noodle ☦️
@Moon @thatguyoverthere @realcaseyrollins Afaik, which is just what Graf posted, it was an oauth token hack. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 26-May-2023 04:48:05 JST
Disinformation Purveyor :verified_think:
@BowsacNoodle @Moon @realcaseyrollins I can't see a way for an auth token to lead to an actual database dump. I don't know maybe there is a way to download a backup or something that I never noticed when I was running pleroma. -
Santa Noodle ☦️ (bowsacnoodle@poa.st)'s status on Friday, 26-May-2023 04:48:06 JST
Santa Noodle ☦️
@thatguyoverthere @Moon @realcaseyrollins I have no clue. Disinformation Purveyor :verified_think: likes this.
All 076萌SNS content and data are available under the