#p0wned

C.
<p>Guide to Interpreting Security Incident <a href="https://mindly.social/tags/Announcements" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Announcements</span></a>:</p>
<p>"extremely sophisticated attack" : The attackers put more time into the attack than we spent designing our defences.</p>
<p>"no evidence customer <a href="https://mindly.social/tags/data" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>data</span></a> was accessed" : We lack audit records and the logs have been rotated out.</p>
<p>"due to a misconfiguration issue" : We deployed with default <a href="https://mindly.social/tags/insecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>insecure</span></a> settings.</p>
<p>"possible for only a short window" : We didn't dig too deep to determine how far back the bug existed.</p>
<p>"crafted invalid request data" : We forgot to add input <a href="https://mindly.social/tags/validation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>validation</span></a>.</p>
<p>"supplementary fix" : We didn't understand the problem as well as we thought, so our previous fix was insufficient.</p>
<p>"may have been exploited" : We're positive they got away with data, but they deleted our <a href="https://mindly.social/tags/logs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logs</span></a>.</p>
<p>"multiple threat actors" : Everyone was in our systems before we noticed.</p>
<p>"most customers are unaffected" : There are corner cases that aren't as <a href="https://mindly.social/tags/vulnerable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerable</span></a>.</p>
<p>"error in a third-party component" : We forgot to update our dependencies.</p>
<p>"could lead to remote code execution" : You're <a href="https://mindly.social/tags/p0wned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>p0wned</span></a>.</p>
<p>"malicious activity has been observed" : The issue has already appeared in the press.</p>
<p>"review equipment inventory to verify if devices require other mitigations" : You need to buy new stuff.</p>
<p>"remotely exploited to allow authentication bypass" : We forgot to require <a href="https://mindly.social/tags/login" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>login</span></a> for this function.</p>
<p>"not aware of any exploits in the wild" : The attackers aren't bragging on darkweb fora yet.</p>
<p><a href="https://mindly.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://mindly.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mindly.social/tags/incident" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incident</span></a> <a href="https://mindly.social/tags/obsolete" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>obsolete</span></a> <a href="https://mindly.social/tags/vendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vendor</span></a> <a href="https://mindly.social/tags/system" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>system</span></a> <a href="https://mindly.social/tags/configuration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>configuration</span></a></p>
Albert Cardona
<p>Of the top 20 "404"s of my personal website, 18 are for WordPress pages. My blog is entirely static, i.e., these failed requests are attempts at hacking. The other two are for ".git" and for ".env".</p>
<p>Be careful out there. If you use WordPress at all, the likelihood you've let something open is high; lots of surface of attack. Read the manual.</p>
<p><a href="https://mathstodon.xyz/tags/WebMaster" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebMaster</span></a> <a href="https://mathstodon.xyz/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://mathstodon.xyz/tags/p0wned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>p0wned</span></a></p>
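
One way to produce the kind of tally described in the post above from a web server access log, as an added example that is not part of the original post. The sample log lines, the path markers used for classification and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format (not data from the post).
SAMPLE_LOG = '''\
203.0.113.5 - - [01/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"
203.0.113.5 - - [01/Mar/2024:10:00:02 +0000] "GET /wp-login.php?action=register HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [01/Mar/2024:10:01:10 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [01/Mar/2024:10:01:11 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "-"
192.0.2.9 - - [01/Mar/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
192.0.2.9 - - [01/Mar/2024:10:02:05 +0000] "GET /old-post.html HTTP/1.1" 404 153 "-" "-"
203.0.113.5 - - [01/Mar/2024:10:03:00 +0000] "POST /xmlrpc.php HTTP/1.1" 404 153 "-" "-"
203.0.113.5 - - [01/Mar/2024:10:03:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [01/Mar/2024:10:04:00 +0000] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 153 "-" "-"
'''

# Request line and status code: "METHOD target PROTO" STATUS
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

def classify(path):
    """Label a requested path by its segments (markers are assumptions)."""
    segments = [s for s in path.lower().split("/") if s]
    if any(s.startswith("wp-") or s in ("wordpress", "xmlrpc.php") for s in segments):
        return "wordpress-probe"
    if any(s in (".git", ".env") or s.startswith(".env.") for s in segments):
        return "secret-file-probe"
    return "other"

def top_404s(log_text, n=20):
    """Return the n most requested 404 paths as (path, hits, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and m.group("status") == "404":
            # Drop the query string so variants of one path count together.
            counts[m.group("target").split("?", 1)[0]] += 1
    return [(path, hits, classify(path)) for path, hits in counts.most_common(n)]

def probe_summary(log_text, n=20):
    """Count how many of the top-n 404 paths fall under each label."""
    return dict(Counter(label for _, _, label in top_404s(log_text, n)))

if __name__ == "__main__":
    for path, hits, label in top_404s(SAMPLE_LOG):
        print(f"{hits:4d}  {label:18s} {path}")
    print(probe_summary(SAMPLE_LOG))
```

On a static site, any path labelled as a probe can be answered with a blanket deny rule, and a sudden rise in the "other" bucket is the part worth reading by hand.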
Jay Little
<p><span class="h-card" translate="no"><a href="https://mastodon.seattlematrix.org/@mousey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mousey</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@arstechnica" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>arstechnica</span></a></span> Well shit I do love a good George Carlin quote...</p>
<p><a href="https://fosstodon.org/tags/p0wned" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>p0wned</span></a></p>
España Piparra
<p>JAAAAAJAJAJAJ <a href="https://mastodon.social/tags/p0wned" class="mention hashtag" rel="tag">#<span>p0wned</span></a></p>