Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://crucible.world/objects/216b1d44-02ba-443f-8bb2-9a1949ff1741">victor (victor@crucible.world)'s status on Friday, 26-May-2023 03:46:28 JST</a><a href="https://crucible.world/users/victor" title="victor@crucible.world"><img src="https://gnusocial.jp/avatar/100741-48-20230620171243.webp" width="48" height="48" alt="victor" style="position: absolute; left: 0; top: 0;">victor</a><div><a href="https://seal.cafe/objects/0fcbb3c3-c9e6-4042-9155-44f02884b047" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/100757" title="dcc@annihilation.social">✙ dcc :pedomustdie: :phear_slackware:</a></li><li><a href="https://gnusocial.jp/user/114402" title="spitfire@poster.place">They call me Spitfire :pepeOK:</a></li></ul></div></section><article><a href="https://seal.cafe/users/kroner">@kroner</a> <a href="https://annihilation.social/users/dcc">@dcc</a> <a href="https://poster.place/users/spitfire">@spitfire</a> Graf is saying they got hold of his OAuth token to impersonate him, though it's not clear to me how (server breach or client device breach?).<br><br>It might be a Pleroma-specific vulnerability. Apparently he's working with Alex to figure it out.</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1588711#notice-3132291">In conversation</a><time datetime="2023-05-26T03:46:28+09:00" title="Friday, 26-May-2023 03:46:28 JST">Friday, 26-May-2023 03:46:28 JST</time> <span>from <span><a href="https://crucible.world/objects/216b1d44-02ba-443f-8bb2-9a1949ff1741" rel="external" title="Sent from crucible.world via ActivityPub">crucible.world</a></span></span><a href="https://crucible.world/objects/216b1d44-02ba-443f-8bb2-9a1949ff1741">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
victor (victor@crucible.world)'s status on Friday, 26-May-2023 03:46:28 JSTvictor
in reply to
@kroner @dcc @spitfire Graf is saying they got hold of his OAuth token to impersonate him, though it's not clear to me how (server breach or client device breach?).

It might be a Pleroma-specific vulnerability. Apparently he's working with Alex to figure it out.
In conversationFriday, 26-May-2023 03:46:28 JST from crucible.worldpermalink

Public

Embed Notice

HTML Code

Corresponding Notice