this post was submitted on 10 Jul 2023
471 points (99.0% liked)

Fediverse


FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?


edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

GitHub issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895

[–] ebits21@lemmy.ca 7 points 1 year ago (9 children)

Mostly a risk on initial setup.

I’ve been waiting a bit for it to stabilize and just using huge random passwords

[–] Zetaphor@zemmy.cc 5 points 1 year ago (8 children)

If you're using a password manager you'd be doing this for every site and without even having to think about it. Bitwarden is a great choice.

[–] Cube6392@beehaw.org 5 points 1 year ago (6 children)

I like KeePass. Bitwarden currently has an nginx exposure in the Dockerfile published in their git repo (may have been fixed since a couple of days ago). That said, I used Bitwarden for many years and switched out of an abundance of paranoia, and am definitively not recommending against it. Just basically use one of the following:

  • Bitwarden
  • KeePass
  • 1Password

And stay far the fuck away from LastPass

[–] delollipop@beehaw.org 2 points 1 year ago (2 children)

my uni is currently still recommending lastpass as of now, tho I’ve heard they might be looking for alternatives …

[–] Boeman@lemmy.ml 3 points 1 year ago (1 children)

LastPass has had a few security incidents lately. I do not trust them at all.

[–] Zetaphor@zemmy.cc 1 points 1 year ago

This was not the first and it won't be the last. They've had issues going as far back as 2015. Don't keep your credentials with a paid platform. Use something you can fully audit and control yourself, like Bitwarden or KeePass.

[–] Cube6392@beehaw.org 1 points 1 year ago

Let your classmates know that LastPass has semi-permanently damaged their trustworthiness by trying to hide a security breach, and then downplaying the severity of the breach, and that your university's security recommendations are intrinsically suspect as a result.
