"Edison Mail rolls back update after users reported they could see strangers' emails. The company says the issue was caused by a bug, not a security breach."

WELL, in that case there is no need to worry, I guess? 😂🤦

· · Web · 9 · 7 · 25

@fribbledom "why is there a big hole in the bank vault?"

"don't worry about the big hole. we put that there, not any intruder."

@fribbledom old and busted: it's not a bug, it's a feature
new hotness: it's not a security breach, it's a bug

@fribbledom These iOS mail apps are a disaster.
I wish Apple would allow the creation of mail push certificates again, so people could use Dovecot plugins to send mail notifications.

@fribbledom Well technically they are right:
The issue is a security breach, but it was CAUSED by a bug...

@fribbledom It's not a worry yes/no thing, but they are different worries.

A bug in an update, rolled back is no-bug, and fixed is at least not that bug. They also know the scope of what was visible to others. (Email yes, password/hash no)

A breach on the other hand is worse. You rarely know what the scope is so have to assume everything.
Don't know what was planted so have to wipe/start over.

[I'm assuming they are being honest ofc]

@fribbledom Related story, I've only been "hacked" once, and it was my microwaves fault :P

I was rebuilding firewall rules, had network monitors open, also sunrpc running.

Went to heat some bagel bytes when someone exploited rpc and put an irc bot on my router.

I had my netflow monitor live and logging so knew exactly what happened, how to fix, and what was changed.
Had some fun taking over his bot and chan that night too.

Without those logs it would have been a very different evening!

@fribbledom don't have to report an incident if you say it's not an incident :smart:

@fribbledom Does the occurrance of a security breach absolutely imply a bug?

@gws @fribbledom No. A breach can be caused by things like a person abusing legitimate access, for instance. Say, an executive going rogue and publishing sensitive info to get revenge.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!