Went there and got some… less than savory images. Do not recommend going there.

Did it get hacked or smth?

  • 0xtero@kbin.social · ↑1 · 1 year ago · edited

    Looks like Lemmy code has a security vulnerability, persistent XSS, that allows injection of Javascript into the sidebar and comments. That allowed the attacker to force load NSFW content even after lemmy.world admins cleaned up the first attack.

    There might have also been an admin account compromise at lemmy.world involved. Time will tell if these are related.

    Edit: Looks like the injected JS code also steals login tokens from your browser, so that explains the admin compromise. Probably a good idea to not visit Lemmy sites for time being (or block Javascript in your browser, which is always a good idea).

  • Vilian@lemmy.ca · ↑0 · 1 year ago

    If you have an account there, maybe; it depends how good the cryptography used on lemmy.world is, but if they got hacked, it means that other instances can too, so be sure to always have a different password for every account, and this is a rule for every account on the internet (you can use a good and secure password manager).

    • AJ@kbin.social · ↑0 · 1 year ago

      Everything can be hacked. In cyber security, it’s “when, not if”

      • elscallr@kbin.social · ↑0 · 1 year ago

        Yeah anyone not using randomly generated passwords at this point is just fucking up. I know exactly three of my passwords: the one for my email, the one for my password manager, and the one I’m likely to give out (streaming services and such). The worst anyone can do with the third is cancel my Disney+ or something, and it’s really only given to my mom and sisters.

          • elscallr@kbin.social · ↑1 · 1 year ago · edited

            Well this was a JWT compromise, I think, but even still people use really bad passwords all the time. A salt is stored with the user record. The salt’s job is to invalidate rainbow tables. If you have a collection of a million bad passwords you can check them all salted in a second or two. Obviously that’ll depend on the hashing algorithm to an extent.
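The salt-versus-work-factor point made in the comment above, as an added example that is not from this thread or from Lemmy's own code: a per-user salt makes two records with the same password hash differently (so a precomputed table is useless), but it does nothing to slow a check against a list of known-bad passwords; only the cost of the hash function itself does that. Python's standard library is used here, scrypt stands in for a slow KDF purely because it needs no extra package (this says nothing about what Lemmy actually uses), and the breached-password list is a constructed sample.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Optional, Tuple

# Constructed sample list of known-bad passwords for a self-audit; not real data.
BREACHED_PASSWORDS = ["123456", "password", "qwerty", "letmein", "hunter2"]
KDF = Callable[[str, bytes], bytes]


def fast_hash(password: str, salt: bytes) -> bytes:
    """Salted SHA-256: the salt defeats rainbow tables, but each guess is one cheap hash."""
    return hashlib.sha256(salt + password.encode()).digest()


def slow_hash(password: str, salt: bytes) -> bytes:
    """scrypt with a work factor (16 MiB, n=2**14): same salt idea, but every guess is expensive."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def store(password: str, kdf: KDF) -> Tuple[bytes, bytes]:
    """What a user record holds: a fresh random salt plus the digest (both readable to whoever has the record)."""
    salt = os.urandom(16)
    return salt, kdf(password, salt)


def verify(password: str, salt: bytes, digest: bytes, kdf: KDF) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the digest."""
    return hmac.compare_digest(kdf(password, salt), digest)


def audit_against_breach_list(salt: bytes, digest: bytes, kdf: KDF) -> Optional[str]:
    """Defender-side audit: does this record match a known-bad password?
    The salt is public to the holder of the record, so it does not slow this loop; the kdf's cost does."""
    for candidate in BREACHED_PASSWORDS:
        if verify(candidate, salt, digest, kdf):
            return candidate
    return None


def salt_changes_digest(password: str, kdf: KDF) -> bool:
    """Same password, two salts: different digests, so a table precomputed for one record is useless for the other."""
    s1, d1 = store(password, kdf)
    s2, d2 = store(password, kdf)
    return s1 != s2 and d1 != d2


if __name__ == "__main__":
    for name, kdf in (("salted sha256", fast_hash), ("scrypt", slow_hash)):
        salt, digest = store("hunter2", kdf)
        t0 = time.perf_counter()
        hit = audit_against_breach_list(salt, digest, kdf)
        print(f"{name}: found {hit!r} after {time.perf_counter() - t0:.4f}s for {len(BREACHED_PASSWORDS)} guesses")
```

Both KDFs find the weak password; the only difference the salt did not make is the per-guess cost, which the timing printed by the script shows.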

    • CileTheSane@kbin.social · ↑0 · 1 year ago

      Entitled in what way? They no longer liked how the service was being offered to them and stopped using it?

        • FaceDeer@kbin.social · ↑0 · 1 year ago

          Heh, that guy again. I wonder if he’s conducting some kind of experiment to see what happens when he gets his reputation score as low as possible?

          • Nepenthe@kbin.social · ↑1 · 1 year ago · edited

            I just assume drunken beatings were the only love he experienced as a child. Negative attention is still attention, and it’s the most likely explanation for choosing negative as your default.

            On the plus side, it always makes me stop and appreciate my own life. I could be that guy, but the only salty nuts I’m gargling are pistachios.