Conversation

Notices

1. Embed this notice
   Kevin Russell (kevinrns@mstdn.social)'s status on Saturday, 08-Jul-2023 03:17:31 JST Kevin Russell

   WARNING: Phishing Attacks, HTML markup to hide urls, are now in Mastodon.

   While Mastodon does not have markup to allow hiding urls, they share API with "friendica" and friendica ALLOW HIDING URLS.

   And friendica accounts can post on Mastodon.
   I have asked for a solution, none is forthcoming.

   Click NO LINKS that come friendica. Be wary of links on Mastodon, as if Mastodon were "email" - without any protections.

   Multiple reports of other fediverse branches allow hiding urls. No Clicking links

   • Masanori Ogino 𓀁 and 藤井太洋, Taiyo Fujii repeated this.
   • Embed this notice
     Kevin Russell (kevinrns@mstdn.social)'s status on Sunday, 09-Jul-2023 10:48:07 JST Kevin Russell

     in reply to

     Mozilla, makers of open source free Firefox, joined Mastodon last week. Mozilla began testing Mastodon security, including how their server responded to attacks and more.

     They found 5 major flaws, threats, including the ability to take over a server, control a server, with a post.

     With a post. TootRoot.

     "Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking"

     For 13 million users, #Mastodon NEEDS a security FOCUS.

     Demand layers of protection.

     https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/