cantevencode

cantevencode@lemmy.world

Joined1 year ago

0 posts • 15 comments

Filter:

Overview Posts Comments

Sort:

[ - ]

cantevencode@lemmy.world

3 points

1 year ago

in asklemmy@lemmy.world•What's a company secret you can share now that you no longer work there?

Can I Google their name?

report

reply

[ - ]

cantevencode@lemmy.world

8 points

1 year ago

in lemmyworld@lemmy.world•Lemmy.world (and some others) were hacked

Good point. I suppose the only way to fix that particular issue to disallow cookie authentications from a new location

report

reply

[ - ]

cantevencode@lemmy.world

26 points

1 year ago

in lemmyworld@lemmy.world•Lemmy.world (and some others) were hacked

Prior to the JWT secret being rotated, yes, they could have authenticated as you. The tokens are now all invalid and useless

report

reply

[ - ]

cantevencode@lemmy.world

13 points

1 year ago

in lemmyworld@lemmy.world•Lemmy.world (and some others) were hacked

Does an admin account have any permissions to view email addresses or data of registered users?

Did MichelleG not have 2FA enabled?

Now that this has happened, it’s be worth pushing this issue through as high priority. If HttpOnly was enabled, then an admin takeover would not have been possible.

https://github.com/LemmyNet/lemmy-ui/issues/1252

report

reply

[ - ]

cantevencode@lemmy.world

13 points

1 year ago

in fediverse@lemmy.world•Lemmy.world reaches new milestone: 100k users and counting!

Petition to change the lemmy.world logo to Lenny

report

reply

Previous page Next page