Web Security is Fun!
Dec. 19th, 2018 02:38 pm
So, you know how pillowfort.io had some security down time a little while ago? That was roughly when I went from 'ooh, I should buy a key some time' to '...let's wait and see.' Mostly because I'm not a security expert, and I didn't know the details, so I wasn't sure if they were caught out by something weird, or if this was a moonpig level You Should Have Predicted This sorta security issue.
Turns out, it looks like it was the latter!
Which, gee, oof. I mean, yay my instincts, for predicting it'd be this sort of thing-- but oooooof.
Yeah, so definitely not going to pillowfort until they've at least done some more pentests.
no subject
Date: 2018-12-19 12:29 pm (UTC)
The server's dev site lists every patched vulnerability, and the versions affected by it; Black Hat shopping list. :(
I don't know if they've patched that (I don't even know if they can), but I too have adopted a '...let's wait and see.' policy, while hoping my friends who haven't don't get burned.
no subject
Date: 2018-12-19 08:36 pm (UTC)
turtles security vulnerabilities all the way down.
no subject
Date: 2018-12-20 12:54 pm (UTC)