Good lord can people stop taking advantage of vulnerabilities on Matrix instead of reporting them responsibly

@maloki because exploiting deployments with real users is bad

@kevin yes, but do you know what happens when people report vulnerabilities? A lot of the time, nothing.

@maloki I mean, yes, but it's also morally and legally bad to actually exploit another system you don't own.

I could understand if they contacted Matrix, gave them some time (a week, maybe?) to reply, and then released the details publicly. But these recent hacks have been just that - hacks.

@maloki That doesn't mean you can't criticize them.

@kevin true. This didn't sound like a hack though, just a leak from an insider?

@maloki Yeah true, the latest one is less so. I was thinking more the actual hack into Matrix production infrastructure ~1 week ago, which (while it revealed some pretty damning security issues in their infra) seemed pretty ungood in terms of responsible disclosure.
