Dropsafe

by Alec Muffett

TruthSocial’s $11bn valuation rests on old Mastodon code which may be poorly maintained

2024/03/27 13:27:23 GMT

Whatever people have paid for, it is not the engineering capability.

Click through to the entire thread because it is all worth a read and has several updates.

I don’t know who needs to hear this but #TruthSocial, which is running a forked version of Mastodon, does not from the source code appear to have appropriate mitigations in place for CVE-2023-36460, which theoretically allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution https://nvd.nist.gov/vuln/detail/CVE-2023-36460 (probably other CVE’s as well, but some rely on federation which Truth Social doesn’t use?) #infosec
https://digipres.club/@ryanfb/112146904149736275

⊞

mastodon truth social

Dropsafe

TruthSocial’s $11bn valuation rests on old Mastodon code which may be poorly maintained

Comments

Leave a Reply Cancel reply

More posts

UK Government King’s Speech proposes “Cyber ASBO” with obvious risk of scope creep into censorship

Don’t take away our freedom to play games when we want | 38 Degrees

‘Von der Leyen Announces the EU’s New Age Verification App Claiming it is “Completely Anonymous” & users “Cannot be Tracked”’ | …the EU is about to have its ‘Clipper’ moment

From 2019: ‘If there were 5 million “bad people” on Facebook – terrorists, criminals, drug-dealers, whatever – that would be 0.2% of the userbase’