Someone has registered a ton of new accounts and is spamming with messages saying I'm a pedophile. Sorry @jerry
@briankrebs I just nuked the ones you reported. I’ll keep an eye out for more
@jerry just search messages for krebson. reporting them all would take quite some time.
@briankrebs my apologies - I didn't intend for you to have to report them. I went spelunking and found about 60 accounts taken over, about 2/3 of which hadn't posted yet. I'll keep searching for more. My sincere apologies for this.
@jerry No worries. I'm sorry that this is almost certainly in response to my last story. He's been raging ever since this thing dropped.
@briankrebs @jerry IDK if it helps, but you're both appreciated for doing good. Unfortunately IRL that seldom means getting any external prizes.

@jerry @briankrebs this, right here, is one of the major reasons why the fediverse is awesome. Actual humans administering instances and caring about their users.

#Fediverse #SysAdmin

@allpoints @jerry @briankrebs One of the reasons infosec.exchange is awesome*

Plenty of fediverse instances out there that treat their instance like a cash cow and do the bare minimum.

@allpoints @jerry @briankrebs

This is how moderation *should work*, done by people who understand their users and the actual threat model

@ricci @allpoints I dunno. I feel like I let @briankrebs down by letting so many accounts get taken over to dog pile him.
@jerry @allpoints @briankrebs I will take an identifiable human doing their best over a faceless unaccountable system every time
@ricci @jerry @briankrebs same. Stuff happens and you can't block every threat or find every bug in advance. It's the response to those issues that's key.
@ricci @jerry @allpoints @briankrebs Bold of you to assume Jerry has a face. ;)
@lerg @ricci @allpoints @briankrebs I did until that accident thank you very much

@jerry

so many accounts get taken over


eeek, that's extremely alarming! because i much prefer the feature-set of #Friendica compared to Masto, these days my daily fedi is the former [from whence i post this now], with my #infosecspace account mainly "just" for emergency fallbacks. now i'm wondering if i should make a habit of visiting it daily again just to keep an eye on it 🤔🤷‍♀️

@briankrebs @ricci @allpoints

@msdropbear @briankrebs @ricci @allpoints enable 2 factor authentication and you won’t have to worry.

@jerry

hmmmm.

Two-factor Auth

Scan this QR code into Google Authenticator or a similar TOTP app on your phone. From now on, that app will generate tokens that you will have to enter when logging in.

If you can't scan the QR code and need to enter it manually, here is the plain-text secret:

can't see how that is any help for me

  • my phone is for only calls & texts, nothing else
  • all my fediversing & browserising is done on my Linux pooters
  • i will never use any google service by choice
  • i never use qr codes

🤔🤷‍♀️

ta anyway.

@ricci @allpoints @briankrebs

@msdropbear @jerry @briankrebs @ricci @allpoints

I don't know if this particular one is any good/secure... but there are TOTP code apps for Linux (like this one) you could check out if you don't want to go the phone-based route. You may need a camera if you want to import QR codes.

https://github.com/paolostivanin/OTPClient with instructions at https://github.com/paolostivanin/OTPClient/wiki/How-to-use-OTPClient

@jerry @briankrebs Should they not appear in this server's live feed or do you need reports on them?
@seanwbruno @briankrebs I am looking for them in some ways that I'm not going to describe here, but if you see any that I'm not catching, I'd appreciate a pointer to them
@jerry
Uff, my support. How comes this? Kinda "funny" side note: I saw one saying "you are a PDF" - I mean, is this a real user using a keyboard with autocorrect?
@seanwbruno @briankrebs
@rugk @jerry @seanwbruno @briankrebs not exactly, "pdf file" is a way to say it without triggering automated censors.
@Jirikiha oh uhm sorry, did not know this :|

@rugk No worries. I only learned about it a few months ago.

Now I'm wondering when this algospeak started?
https://www.bbc.com/future/article/20251118-the-words-you-cant-say-on-the-internet

@briankrebs @jerry Noted - will nuke! 🖖🏼
@briankrebs so far they're all older accounts with no 2fa, so guessing someone got an infostealer cred dump that has i.e accounts
@jerry @briankrebs wow, sorry you're going through this. I need to up my monthly donations. I'll do that today. $$$.
@briankrebs you must have done something right to piss off such an idiot so badly.