FYI for anyone looking to deface more instances, That list is only updated every 24 hours. Depending on when it last run on your home instance, the info could be out of date.
Out of curiosity, where would the regulators go for a case like this? There's no "company" running it per. se.
Concerns were posted a few days ago, but no POC that used the exact same attack as we saw here. Basically, there were some warnings, and work was underway that would have prevented this, but it was not done fast enough. There is a patch now, that will take a while to roll out, plus a renewed focus on general and related issues.
Don't fall for it. They're also an admin on mastodon.world! :)
They defaced it with dicks and changed the federation list to be only threads.net. I don't think it was a state sponsored chinese hacking group. :)
You're not misunderstanding. They just solve more than one issue, and create a few too.
That's a personal preference though. You don't have a need for a relay. There are more than a few people who want to run their own instance and at least browse all the things without having to subscribe to them. This is a news aggregator at the core after all.
I've been pondering trying to make one, but it's not going to be a cake-walk. The tool (that was a script) I wrote ruffled some feathers for it's potential to destroy the lemmyverse. While I don't believe that could happen. I'm still interested in something easier and more integrated.
The theory is simple and I am willing to take a stab at it, but there might be road blocks trying to make or incorporate changes to the actual lemmy code.
That, is actually kind of fascinating and may be important info for someone doing a follow-up investigation. If that was the bad actor phishing for moderation access, why would they need that, when they already had an admin account? If it was legit, then it's super sus. whoever this app developer was needs to have a little light shone on them.
TBF, at least you're doing something.
I was trying to by funny. :(
If the only criteria to be in a private channel for admins is being an admin, there’s no use making it private. ;) Unless your just looking to filter out bad actors who don’t want to take 5 min and 5$ to make an instance.