Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://xoxo.zone/users/andybaio/statuses/109435055904912441">Andy Baio (andybaio@xoxo.zone)'s status on Thursday, 01-Dec-2022 09:50:51 JST</a><a href="https://xoxo.zone/@andybaio" title="andybaio@xoxo.zone"><img src="https://gnusocial.jp/avatar/15608-48-20230405235137.webp" width="48" height="48" alt="Andy Baio" style="position: absolute; left: 0; top: 0;">Andy Baio</a><div><a href="https://xoxo.zone/@andybaio/109396079064972083" rel="in-reply-to">in reply to</a></div></section><article><p>who could have ever predicted a student coding project with three people working on it and over 2 million users would have multiple critical vulnerabilities?</p><p>"The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login." <a href="https://zerforschung.org/posts/hive-en/" rel="nofollow noreferrer">https://zerforschung.org/posts/hive-en/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/656664#notice-1153086">In conversation</a><time datetime="2022-12-01T09:50:51+09:00" title="Thursday, 01-Dec-2022 09:50:51 JST">Thursday, 01-Dec-2022 09:50:51 JST</time> <span>from <span><a href="https://xoxo.zone/@andybaio/109435055904912441" rel="external" title="Sent from xoxo.zone via ActivityPub">xoxo.zone</a></span></span><a href="https://xoxo.zone/@andybaio/109435055904912441">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: zerforschung.org</div><h5><a href="https://zerforschung.org/posts/hive-en/">⚠️ Warning: do not use Hive Social ???</a></h5><div></div></header><div>Dieser Artikel ist auch auf deutsch erschienen.Following the Twitter takeover, a number of services promising to be an alternative gained traction. One of those is “Hive Social”, which reached more than a million users in the last weeks.
Of course, we were interested and took a look at Hive from a security standpoint. We found a number of critical vulnerabilities, which we confidentially reported to the company. After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report. After multiple days and multiple reminders by us, they claimed to have fixed all issues. However multiple vulnerabilities we reported still exist at the time of writing.	⚠️ We strongly advise against using Hive in any form in the current state.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Andy Baio (andybaio@xoxo.zone)'s status on Thursday, 01-Dec-2022 09:50:51 JST Andy Baio
in reply to
who could have ever predicted a student coding project with three people working on it and over 2 million users would have multiple critical vulnerabilities?
"The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login." https://zerforschung.org/posts/hive-en/
In conversationThursday, 01-Dec-2022 09:50:51 JST from xoxo.zonepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: zerforschung.org
  ⚠️ Warning: do not use Hive Social ???
  Dieser Artikel ist auch auf deutsch erschienen. Following the Twitter takeover, a number of services promising to be an alternative gained traction. One of those is “Hive Social”, which reached more than a million users in the last weeks. Of course, we were interested and took a look at Hive from a security standpoint. We found a number of critical vulnerabilities, which we confidentially reported to the company. After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report. After multiple days and multiple reminders by us, they claimed to have fixed all issues. However multiple vulnerabilities we reported still exist at the time of writing. ⚠️ We strongly advise against using Hive in any form in the current state.

Public

Embed Notice

HTML Code

Corresponding Notice