Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://gleasonator.com/objects/2a6df22f-2a81-4000-8238-678447a16d07">Alex Gleason (alex@gleasonator.com)'s status on Sunday, 04-Feb-2024 12:57:03 JST</a><a href="https://gleasonator.com/users/alex" title="alex@gleasonator.com"><img src="https://gnusocial.jp/avatar/1712-48-20220726020642.webp" width="48" height="48" alt="Alex Gleason" style="position: absolute; left: 0; top: 0;">Alex Gleason</a><div><ul><li></ul></div></section><article>"Mastodon vulnerability allows attackers to take over accounts"<br><br>Snopes: Mixed<br><br>It's a serious vulnerability for sure: "allowing attackers to impersonate users and take over their accounts"<br><br>But while this part is true: "allowing attackers to impersonate users"<br><br>This part is exaggerated: "and take over their accounts"<br><br>Impersonating remote users doesn't allow you to log in as them, change their email or password, etc. It allows people to submit forged posts by them, and "trick" Mastodon servers into accepting it. Either way, interesting that this leaks into the wider web.<br><br>RT: <a href="https://noauthority.social/users/Dan_Ramos/statuses/111871157549735051">https://noauthority.social/users/Dan_Ramos/statuses/111871157549735051</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2673946#notice-5300021">In conversation</a><time datetime="2024-02-04T12:57:03+09:00" title="Sunday, 04-Feb-2024 12:57:03 JST">about 10 months ago</time> <span>from <span><a href="https://gleasonator.com/objects/2a6df22f-2a81-4000-8238-678447a16d07" rel="external" title="Sent from gleasonator.com via ActivityPub">gleasonator.com</a></span></span><a href="https://gleasonator.com/objects/2a6df22f-2a81-4000-8238-678447a16d07">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://noauthority.social/@Dan_Ramos/111871157549735051">Dan Ramos :verified: (@Dan_Ramos@noauthority.social)</a></h5><div> from <span>Dan Ramos :verified:</span></div></header><div>@eriner  This seems familiar, eh?  😎  Once again, thank you!Mastodon vulnerability allows attackers to take over accounts
https://www.bleepingcomputer.com/news/security/mastodon-vulnerability-allows-attackers-to-take-over-accounts/</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Sunday, 04-Feb-2024 12:57:03 JSTAlex Gleason
- Dan Ramos 🇵🇹🇺🇸 :verified:
"Mastodon vulnerability allows attackers to take over accounts"

Snopes: Mixed

It's a serious vulnerability for sure: "allowing attackers to impersonate users and take over their accounts"

But while this part is true: "allowing attackers to impersonate users"

This part is exaggerated: "and take over their accounts"

Impersonating remote users doesn't allow you to log in as them, change their email or password, etc. It allows people to submit forged posts by them, and "trick" Mastodon servers into accepting it. Either way, interesting that this leaks into the wider web.

RT: https://noauthority.social/users/Dan_Ramos/statuses/111871157549735051
In conversationabout 10 months ago from gleasonator.compermalink
Attachments
1. No result found on File_thumbnail lookup.
  Dan Ramos :verified: (@Dan_Ramos@noauthority.social)
  from Dan Ramos :verified:
  @eriner This seems familiar, eh? 😎 Once again, thank you! Mastodon vulnerability allows attackers to take over accounts https://www.bleepingcomputer.com/news/security/mastodon-vulnerability-allows-attackers-to-take-over-accounts/

Public

Embed Notice

HTML Code

Corresponding Notice