Kevin RussellJul 6, 2023

WARNING: Phishing Attacks, HTML markup to hide urls, are now in Mastodon.

While Mastodon does not have markup to allow hiding urls, they share API with "friendica" and friendica ALLOW HIDING URLS.

And friendica accounts can post on Mastodon.
I have asked for a solution, none is forthcoming.

Click NO LINKS that come friendica. Be wary of links on Mastodon, as if Mastodon were "email" - without any protections.

Multiple reports of other fediverse branches allow hiding urls. No Clicking links

Show threadKevin RussellJul 8, 2023

Mozilla, makers of open source free Firefox, joined Mastodon last week. Mozilla began testing Mastodon security, including how their server responded to attacks and more.

They found 5 major flaws, threats, including the ability to take over a server, control a server, with a post.

With a post. TootRoot.

"Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking"

For 13 million users, #Mastodon NEEDS a security FOCUS.

Demand layers of protection.

https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/

Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking

Most critical of the bugs allowed attackers to root federated instances.

Ars Technica
Show threadRobert Logger 🇳🇱
@kevinrns I see Mozilla.social online for months, but still closed for registration( that's why I'm at Vivaldi social right now.
Jul 8, 2023 at 7:35pmWeb