Galeoloc โ˜‘๏ธDec 1, 2022
Liam @ GamingOnLinux ๐Ÿง๐ŸŽฎ

You really don't want to be using Hive social.

https://zerforschung.org/posts/hive-en/

โš ๏ธ Warning: do not use Hive Social ๐Ÿ‘‰๐Ÿ๐Ÿ‘ˆ

Dieser Artikel ist auch auf deutsch erschienen. Update: The vulnerabilities are currently no longer exploitable because Hive deactivated their servers. More details Following the Twitter takeover, a number of services promising to be an alternative gained traction. One of those is โ€œHive Socialโ€, which reached more than a million users in the last weeks. Of course, we were interested and took a look at Hive from a security standpoint. We found a number of critical vulnerabilities, which we confidentially reported to the company. After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report. After multiple days and multiple reminders by us, they claimed to fix them within the next two days. However after those two days, multiple vulnerabilities we reported were not fixed and still existed at the time of writing. โš ๏ธ We strongly advise against using Hive in any form in the current state.

Nov 30, 2022 at 11:54pmWeb
Show thread[AF]2050Dec 1, 2022
@gamingonlinux I'm weeping by looking at this critical failure of a "Twitter alternative".
So that's one out.
Now it's Post's turn.
Show threadHeroOfDermwoodDec 1, 2022
@AleF2050 @gamingonlinux Post has its own "it is a tos violation to make fun of rich people" problem.
Show threadMiveyDec 1, 2022
@gamingonlinux So it's insecure and run by people who don't care? I guess it really is a Twitter replacement.
Show threadโ˜•๏ธ๐Ÿฅž Jelly Doll ๐Ÿณ๏ธโ€๐ŸŒˆ๐Ÿณ๏ธโ€โšง๏ธDec 1, 2022
@gamingonlinux @mivey Iโ€™m sure they care a lot โ€ฆ all 3 of them.
Show threadEat My Wings To Keep Me TameDec 1, 2022
@gamingonlinux i was literally shouting from the rooftops about this lol
Show threadJimDec 1, 2022
@gamingonlinux Isn't it just two devs?
Show threadMDMRNDec 1, 2022
@gamingonlinux @debaoki And that's it, time to delete that account. The app was a buggy mess, but I tried it out as I knew folks on the service. But yea, nope. Big nope.
Show threadfigmentpuddingDec 1, 2022

@gamingonlinux They announced on Twitter an hour ago that they're shutting down their servers for a couple days to fix things.

I mean, is it ideal or perfect? No, but it's also a bit unheard of.

Show threadDebDec 1, 2022
@figmentpudding @gamingonlinux The issue is more on that they were reminded about it for couple of days, claimed to have fixed it, and are only just now taking down the servers because this has gone public.
Show threadfigmentpuddingDec 1, 2022

@deb @gamingonlinux

I'm just making sure folks are aware that (whether it's altruistic or "forced") Hive IS taking action on this, since the post and replies made it seem like they were continuing to ignore it.

Show thread๐•Š๐•™๐•’๐••๐• ๐•จ Dec 1, 2022
@gamingonlinux until recently I'd never heard of "Hive Social", I've got enough social media accounts.
Show threadpost lomeinDec 1, 2022
@gamingonlinux yep there's gonna be a bunch of opportunists out there, what you see is vulnerabilities, they see as opportunities.
Show threadpierreDec 1, 2022

@gamingonlinux what happens if you used it for some time?

It also looks like they took the app offline while they work on fixes

Show threadThom PintelloDec 1, 2022
@gamingonlinux
Interesting.
Show threadkarthee006Dec 1, 2022
@gamingonlinux 1.it's only having a mobile app
2.Its slow as hell in Android.
How it's a Twitter alternative idk๐Ÿ˜จ
Show threadThe Evaporated KidDec 1, 2022
@gamingonlinux Thereโ€™s something about the name โ€œhiveโ€ that unsettles me.
Show threadGantSentinelDec 1, 2022
@gamingonlinux Mastadon is a great alternative and yet a friend of mine (Who claims he loves Linux and wants to see it get better but won't do ANYTHING to help) says that independant social media is flawed. So does the majority of people. Sad since he is a CS Student.