Anybody want free membership keys to join Pillowfort for the sake of greyhatting?

Apologies if my terminology/speech is tongue-tied, I'm not really a hacker and I'm not particularly much of a communicator in these sorts of things, but I'll get to the point.

Now, you may have heard of Pillowfort, basically an attempt at creating a Tumblr/WordPress hybrid that kinda picked up after the Tumblr horny ban. I've used it for over 2 years, and it was a joy to use as a creator, and the community was small but it was very good/lively, and it was a great place to discover new artists.

Then shit hit the fan when, during their full public opening, a bunch of people came in and found huge security vulnerabilities, like apparently extremely basic ones, that had been around for years that the beta testing hadn't caught, along with one that had been found ages ago but hadn't been urgently fixed. They had to go offline for months to fix it, and while the hacker community had their fair share of vitriol, the way they handled the hacker community's responses was... clumsy at best. Not helped by the fact that they're a tiny, tiny team for a project of this scale.

So, now they're opening up very soon, on the 29th to be exact, but they're going back to invite-only for now, until they get all security vulnerabilities worked out.

I bring this all up because, as a member, I can give out membership keys for free, 3 a week, and I was wondering if anyone here might be game for me sending them one when PF opens back up, for the sake of potentially joining to try to furrow out some of the bugs/security holes?

Like, doing greyhat-type poking and prodding and such, like the initial "Holy shit it is laughably easy to hack this site" stuff folks did during that disastrous launch.

Because, I am really terrified of another incident further torpedoing their reputation, and the team has shown they're not good at this, and I really, really want PF to succeed, we need more places to hang out on the rapidly gentrifying hell that is the internet, and god knows we deserve a better platform for NSFW artists than fucking Twitter, so this problem needs to be stamped out before it can cause even more issues.

They are offering a bug bounty (though that too has been... somewhat fumbled) and the keys normally cost 5 bucks a pop otherwise, so I figured that someone might find this an offer worth something.

I hope this isn't too gauche an ask, and if anyone is willing to take me up on this, I am deeply grateful. Thank you.

submitted by /u/tbok1992

from hacking: security in practice https://ift.tt/3tNxl3P
