Munin, Keeper of LoreApr 24, 2017

Hipchat has suffered an #infosec incident

https://blog.hipchat.com/2017/04/24/hipchat-security-notice/

They're blaming a "third party library" but, -extremely- annoyingly, have neglected to state which library it is - so be prepared to keep an eye out for other services having incidents in the future, if this isn't a case of hipchat having used something catastrophically out of date.

Show threadMunin, Keeper of LoreApr 24, 2017

Update: this is third-hand information, but a contact of mine at a competing organization who is organizationally familiar with the matter has been informed that the library in question has not yet been patched.

So the wumpus is out there, and we'll likely end up seeing a patch in...something get pushed out relatively soon.

Show threadMaiyannah BishopApr 24, 2017
@munin I wonder if we'll be seeing some "CloudBleed" shenanigans again.

I wonder if the Google PZ guy ever got his god damned t-shirt.  I mean he DOES deserve the highest honour Cloudflare's bug bounty program doles out.  (Which is a t-shirt)
Show threadDr. Edward Morbius ❌Apr 25, 2017

@maiyannah @munin Has anyone compiled a comprehensive list of /lower/ honours Cloudflare's bug bounty program doles out?

Binkies?
Soiled diapers?
Thongs? (Of any description.)

... ?

Show threadMaiyannah Bishop
@dredmorbius @munin Okay, I'm terrible, but I giggled.
Apr 25, 2017 at 8:31amWeb