"Edison Mail rolls back update after users reported they could see strangers' emails. The company says the issue was caused by a bug, not a security breach."
WELL, in that case there is no need to worry, I guess? 😂🤦
@fribbledom "why is there a big hole in the bank vault?"
"don't worry about the big hole. we put that there, not any intruder."
@fribbledom old and busted: it's not a bug, it's a feature
new hotness: it's not a security breach, it's a bug
@fribbledom What the? A bug and a security breach are not mutually exclusive...
If I were an Edison customer I'd be sending them a GDPR delete everything about me request ASAP
@fribbledom Well technically they are right:
The issue is a security breach, but it was CAUSED by a bug...
@fribbledom It's not a worry yes/no thing, but they are different worries.
A bug in an update, rolled back is no-bug, and fixed is at least not that bug. They also know the scope of what was visible to others. (Email yes, password/hash no)
A breach on the other hand is worse. You rarely know what the scope is so have to assume everything.
Don't know what was planted so have to wipe/start over.
[I'm assuming they are being honest ofc]
@fribbledom Related story, I've only been "hacked" once, and it was my microwave's fault :P
I was rebuilding firewall rules, had network monitors open, also sunrpc running.
Went to heat some bagel bytes when someone exploited rpc and put an irc bot on my router.
I had my netflow monitor live and logging so knew exactly what happened, how to fix, and what was changed.
Had some fun taking over his bot and chan that night too.
Without those logs it would have been a very different evening!
@fribbledom don't have to report an incident if you say it's not an incident :smart:
@fribbledom Does the occurrence of a security breach absolutely imply a bug?