Also here on the better social network:
https://twitter.com/flyryan/status/850447987931262977 <= the previous slides mention an important thing: You also need to create 40 new sessions in the victim's session store in order to purge the session to be replayed first. This replay is possible due to reuse of the "lastresort" prekey and the missing integrity check on the prekey msgs.
There is something which scares me on Mastodon. I see more and more people installing instances while they don't have a clue about what they're doing.
Then their instance is going to be listed on the website and people will be randomly redirected toward them when someone wants to use Mastodon.
But then what happens?
Hosting someone's services is not fun or anything. It's a liability and I hope you have that in mind.
Also, pick your instance carefully.
when @Gargron gets VC
One more time, welcome to all my #infosec peeps.
I came here for the culture which is not Twitter's culture. No companies, no jerks, no personal brands, no ironic accounts.
Be nice, be real, or please leave. And remember this is an open source product running on the 1 dev's personal server.
Don't complain and please give the dude some $$$
Server run by the main developers of the project. It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!