Tootfinder

Opt-in global Mastodon full text search. Join the index!

@j12t@social.coop
2024-04-13 16:53:28

“the open source social web (aka the fediverse)”.
Hmm, not sure what to think about that description. I see the appeal but do we want to stretch “open source” all the way to include closed implementations of open protocols?
From a headline in #techcrunch about #flipboard.

@Xavier@infosec.exchange
2024-05-10 16:19:09

The threat actor said he registered with several different names on a particular Dell portal as a “partner.” A partner, he said, refers to a company that resells #Dell products or services. After Dell approved his partner accounts, Menelik said he brute-forced customer service tags, which are made of seven digits of only numbers and consonants. He also said that “any kind of partner” could access the portal he was granted access to.
“[I] sent more than 5,000 requests per minute to this page that contains sensitive information. Believe me or not, I kept doing this for nearly 3 weeks and Dell did notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik told #TechCrunch.
#infosec #breach
techcrunch.com/2024/05/10/thre

@j12t@social.coop
2024-02-22 01:28:19

I'm not sure the #fediverse is used to being scrutinized and commented on by the press, like the ongoing #Techcrunch coverage by @… and others, e.g. about the recent spam at…
