Discussions related to Infosec.pub

26
 
 

Do you want to help and be part of the most amazing space crew (wink)? Call for volunteers is open! #cybersecurity https://twitter.com/HackRedCon/status/1679476064173584388?s=19

27
 
 

Guys, gals, and non-binary pals be sure to grab your ticket for #HackRedCon

This year we have the wonderful Louisville Slugger hosting, so baseball fans be sure to book now!

https://t.co/MYPBBCnUNu

28
 
 

Pretty much the title. Is federation broken? I hardly see comments anymore since about 1-2 days. The “new” page is pretty much stagnant :(

29
 
 

And do they have to be infosec focused?

30
 
 

Hi all. I’ve disabled new community creation and federation until there is a fix for the latest vulnerability

31
submitted 1 year ago* (last edited 1 year ago) by henfredemars@infosec.pub to c/infosecpub@infosec.pub
 
 

Discussion from here: https://lemmy.ml/post/1895271

Relevance: Infosec.pub may wish to consider defederation temporarily.

Temporary fix in place, but instances remain vulnerable. Post: https://lemmy.world/post/1290412

  • UPDATE 2:58 UTC the injected code was removed from the main page, but cleanup efforts are still underway.
  • UPDATE 3:11 UTC situation appears to be under control, but browse with caution.
  • UPDATE 3:35 UTC main page exploited again! Website is unsafe.
  • UPDATE 4:01 UTC reports coming in that other instances are getting owned. One report of comments trying to inject JavaScript into the page.
  • UPDATE 4:13 UTC XSS vulnerability in page sidebar is reported; relationship to the event is unknown.
  • UPDATE 7:17 UTC Root cause was identified a while ago.
32
 
 

In Firefox I am unable to upload images either as the subject of a post, or as a part of the body using the image button. I receive the following error:

SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data client.js:2:1753277
    Hp https://infosec.pub/static/7197474/js/client.js:2
    (Async: promise callback)
    Hp https://infosec.pub/static/7197474/js/client.js:2
    n https://infosec.pub/static/7197474/js/client.js:2

I found a github issue about it but it's really old, so I'm thinking it's not that relevant, even though it pretty much describes the issue exactly:

https://github.com/LemmyNet/lemmy-ui/issues/403

There are some other issues in the lemmy backend repo:

https://github.com/LemmyNet/lemmy/issues?q=is%3Aissue+unexpected+character+at+line+1+column+1+is%3Aclosed

Anyone else noticing this or is it just me?

EDIT: Probably should have checked first but this happens on other instances running 0.18.1, so I guess it doesn't matter, seems to be an upstream issue.

33
 
 

Is there a setting to default all external links to a new tab? I'm used to that behavior from infosec.exchange. I keep finding myself having to reopen infosec.pub after going down a rabbit hole.

34
 
 

As some have pointed out, there was a serious XSS vulnerability in Lemmy disclosed yesterday. The Lemmy team released a fix a bit ago and I've since patched infosec.pub.

35
 
 

Is Jerry hosting a Kbin instance?

36
 
 

Not getting any response. TIA

37
 
 

Be careful what posts you click until this is patched.

EDIT: Clarify, this server I expect is also vulnerable, hence the choice of community.

38
 
 

There are many communities I cannot view with this account.

Ukraine@kbin.social is one example.

But there are quite a few by browsing the “trending” communities on WefWef.

What gives?

39
 
 

I'm a member of the sim racing community on lemmy.ml.

https://lemmy.ml/c/simracing

If I go directly to that community there is a pinned post:

https://lemmy.ml/post/1703575

But if I browse the community from here on infosec.pub:

https://infosec.pub/c/simracing@lemmy.ml

The post is missing. Other new posts seem to be present and comments are working as expected since I was able to ask a question about said post in a different thread just now: https://infosec.pub/comment/591176

Has anyone else noticed this?

EDIT: In case anyone lands here with weird missing post or comment issues. I found that to work around this you can search for the direct link for both posts and comments which will force whatever instance you are on to find and show them. Probably not a great long-term solution but it works if you just want to reply to one or two people.

40
submitted 1 year ago* (last edited 1 year ago) by br3ad@infosec.pub to c/infosecpub@infosec.pub
 
 

Is anyone else facing issues finding and subscribing to communities? For instance, I am unable to find !fitness@lemmy.world in the search. Only Vegan Fitness shows up when I search for "fitness".

Edit: I am able to find fitness@lemmy.world now. I am still not sure what makes communities not turn up on my search.

41
 
 

Since Lemmy is so new, and the default interface is not always that ... great (yet), ~despite @jerry@infosec.pub best efforts~

what app do you use to view posts on here?

I was using wefwef.app and am considering hosting my own. What do you all use?

current Tally:

42
 
 

Hey, I'm pretty happy here on infosec.pub. A lot of my interests are related to the subject matter at hand. Most of the discussions online (that I am interested in) are in English, and that works just fine here. However, due to an incredible amount of bad luck, I also happen to be Dutch. Due to that condition, I sometimes want to see Dutch content. Currently, that doesn't seem to be possible on infosec.pub. The option is just not there on the list of languages on this instance. Therefore, I would like to request support for the Dutch language, the label is Nederlands (see feddit.nl posts for example) on infosec.pub. Thank you for your time.

43
submitted 1 year ago* (last edited 1 year ago) by himazawa@infosec.pub to c/infosecpub@infosec.pub
 
 

What about setting the new language of a post to English? There are people that don’t know how lemmy works that keep on opening new posts and leaving the language to “Undetermined” by mistake so no one can answer them.

44
 
 

For some strange reason I am unable to block most communities. Tried both Firefox and Chrome.

The "Block community" button is replaced with text. Is it a known bug?

45
 
 

This collection of networks offers no end to end encryption. Anyone with administrator access to an Instance can read anything that travels through that Instance’s infrastructure – including direct messages. The level of risk correlates with the number of cross-Instance interactions between users. If users from different Instances communicate, an attacker need only compel one Instance to reveal the direct messages between all of the interacting accounts. The centralised equivalents – Twitter, Tumblr, etc – can cloak their users through governance and resources. In a peer-to-peer network without encryption, there’s no structure, no agreed-upon governance, and absolutely no protection. Compromising or compelling an Instance or its staff means that all of network traffic is laid bare to its assailant.

I’d love to have a discussion on this (now fairly old) article which IMO has yet to provoke the kind of much-needed action on this topic that we, as a community of cypherpunks, are capable of.

46
 
 

Hi, I saw this Beehaw post while browsing All. Anything we need to be concerned about?

EDIT: False alarm, see himazawa's response.

47
 
 

Hey pub-folk, I've recently published my take on the "threadiverse" in the form of a quasi-guide but with some other commentary. Appreciate any feedback, good or bad!

48
 
 

We appreciate the work y'all do

49
 
 

Lemmy and kbin have been... exciting to set up and debug.

There is a new version of lemmy in RC right now that should fix most of the issues we've been seeing, or at least give error messages that indicate what is going on.

50
 
 

I don't seem to be able to comment on any posts on other lemmy instances. For example https://infosec.pub/c/privacyguides@lemmy.one . When I try to comment it just spins. I expected issues with lemmy.ml but I've now tried several instances and experience the same problems.

Also comments on many posts don't match what you see if you go directly to the remote instance to view the thread.

Is there some federation issue with infosec.pub?
