@administrator @aab I'm just guessing, but it could be related to an exploit someone launched against #Mastodon and #Misskey yesterday. From what I read, it brought several instances to their knees. Misskey released a #security patch yesterday.
Tagging this thread with #Fediverse #Security ... whoever made the script obviously read some protocol docs and some source code. With just a little #JavaScript, they were able to knock some #Misskey and #Mastodon instances to their knees.
This isn't the first, and it won't be the last. Remember when someone posted a humongous image and locked up any #GNUSocial instance that tried to download the image? Remember when someone's instance was replaced by some sort of cryptocurrency site and PuSHes from your site to theirs would crash your site because of their site's response? (I'll bet I still have that domain blocked at the firewall.)
We have to stop being naive about the intentions of those in the current migration. The overwhelming majority will have benign, if not good, intentions. But a select few will have bad intentions. Among those intentions is to colonize the Fediverse with #Twitter's culture, to come here and impose that culture of anger and disrespect upon the inhabitants here ... which already happened once with the first wave of people joining #Mastodon instances, except it was Twitter and #Tumblr at that time.
> Researchers have unearthed a discovery that doesn’t occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.
> On Thursday, researchers from Intezer and The BlackBerry Threat Research & Intelligence Team said that the previously undetected backdoor combines high levels of access with the ability to scrub any sign of infection from the file system, system processes, and network traffic. Dubbed Symbiote, it targets financial institutions in Brazil and was first detected in November.
>OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition.
>EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
>======================================================
>
>Severity: High
>
>The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.
>
>OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
>1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate
>2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)
>
>If an attacker can control both items being compared then that attacker could trigger a crash.
>...
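An added illustration of the defensive pattern the advisory points at, not OpenSSL's code and not a reproduction of the actual defect: EDIPartyName in RFC 5280 has an OPTIONAL nameAssigner component, so a comparator over parsed names must treat a missing component as a comparison result instead of dereferencing it. The struct, function names and sample values below are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of EDIPartyName: nameAssigner is OPTIONAL in the ASN.1,
 * so a correctly parsed value can carry NULL there. Names are assumptions,
 * not OpenSSL's types. */
typedef struct {
    const char *name_assigner; /* OPTIONAL: may be NULL */
    const char *party_name;    /* mandatory, but never trust the parser blindly */
} edi_party_name_t;

/* Compare two optional strings: both absent -> equal, one absent -> ordered. */
static int opt_str_cmp(const char *a, const char *b) {
    if (a == NULL && b == NULL) return 0;
    if (a == NULL) return -1;
    if (b == NULL) return 1;
    return strcmp(a, b);
}

/* Hardened comparator: every pointer is checked before it is dereferenced,
 * so two names that both omit nameAssigner compare equal without a crash. */
int edi_party_name_cmp(const edi_party_name_t *a, const edi_party_name_t *b) {
    int r;
    if (a == NULL || b == NULL)
        return (a == b) ? 0 : -1;
    r = opt_str_cmp(a->name_assigner, b->name_assigner);
    if (r != 0) return r;
    return opt_str_cmp(a->party_name, b->party_name);
}

/* Self-check over constructed sample names; returns 0 when every case holds,
 * otherwise a bitmask naming the failing case. */
int edi_party_name_selfcheck(void) {
    const edi_party_name_t no_assigner   = { NULL, "Example Party" };
    const edi_party_name_t no_assigner2  = { NULL, "Example Party" };
    const edi_party_name_t with_assigner = { "Example Assigner", "Example Party" };
    const edi_party_name_t other_party   = { NULL, "Other Party" };
    int failures = 0;
    if (edi_party_name_cmp(&no_assigner, &no_assigner2) != 0) failures |= 1; /* both absent */
    if (edi_party_name_cmp(&no_assigner, &with_assigner) == 0) failures |= 2; /* one absent */
    if (edi_party_name_cmp(&no_assigner, &other_party) == 0)   failures |= 4; /* differ */
    if (edi_party_name_cmp(&no_assigner, NULL) == 0)           failures |= 8; /* NULL input */
    return failures;
}

int main(void) {
    printf("selfcheck failures: %d\n", edi_party_name_selfcheck());
    return 0;
}
```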
>1. EXECUTIVE SUMMARY
>
> CVSS v3 9.8
> ATTENTION: Exploitable remotely/low skill level to exploit
> Vendor: Multiple (open source)
> Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net
> Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer Overflow, Out-of-bounds Write, Improper Input Validation, Improper Null Termination
>
>CISA is aware of a public report, known as “AMNESIA:33” that details vulnerabilities found in multiple open-source TCP/IP stacks. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
>
>The various open-source stacks may be implemented in forked repositories.
>2. RISK EVALUATION
>
>Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
>3. TECHNICAL DETAILS
>3.1 AFFECTED PRODUCTS
>
>The following are affected:
>
> uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior
> uIP-Contiki-NG, Version 4.5 and prior
> uIP (EOL), Version 1.0 and prior
> open-iscsi, Version 2.1.12 and prior
> picoTCP-NG, Version 1.7.0 and prior
> picoTCP (EOL), Version 1.7.0 and prior
> FNET, Version 4.6.3
> Nut/Net, Version 5.1 and prior
>...
#Security