Good lord can people stop taking advantage of vulnerabilities on Matrix instead of reporting them responsibly

@maloki because exploiting deployments with real users is bad

Follow

@kevin yes, but do you know what happens when people report vulnerabilities? A lot of the time, nothing.

@maloki I mean, yes, but it's also morally and legally bad to actually exploit another system you don't own.

I could understand if they contacted Matrix, gave them some time (a week, maybe?) to reply, and then released the details publicly. But these recent hacks have been just that - hacks.

@kevin true. This didn't sound like a hack though, just a leak from an insider.?

@maloki Yeah true, the latest one is less so. I was thinking more the actual hack into Matrix production infrastructure ~1 week ago, which (while it revealed some pretty damning security issues in their infra) seemed pretty ungood in terms of responsible disclosure.

Sign in to participate in the conversation
Elekk: Mastodon for Gamers

Elekk is a Mastodon instance by gamers, for gamers. Games of any type are welcome here - computer, video, tabletop, etc. - as well as game development of any kind. GAMERGATE AND THE ALT-RIGHT ARE NOT WELCOME HERE. Elekk is not hosted in the EU and does not recognize the authority of the EU to govern the internet.