Skip to main content

Search

Items tagged with: Matrix


 
OMG mais le journalsite qui a écrit ça sait-il de quoi il parle ?

"L’application s’appuie sur RIOT, un système d’exploitation open source et « ultra-léger, utilisable sur la multitude hétérogène des objets connectés ne pouvant gérer Linux faute de mémoire, de puissance ou d’énergie suffisante. » selon l’INRIA."

https://www.silicon.fr/tchap-une-messagerie-chiffree-pour-les-agents-de-letat-238859.html

#tchap #matrix #riot


 
#matrix

It's btw great to be a part of a team that takes this kind of an attack and as a team uses it to only come back stronger ❤


 
Security update: Sydent 1.0.2. If you run your own Sydent identity server and use the allowed_local_3pids setting in Synapse to restrict registration per email domain, you must upgrade. Thanks to @fs0c131y for finding the vuln.

https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/

#matrix #security


 
Testing #matrix as cat image hosting for fediverse posts.


 
Un joli nom de domaine, pour la messagerie sécurisée du gouvernement https://botsin.space/@DNSresolver/101946113561070147 #DNS #Matrix #Riot


 
Anyone got a good tutorial for installing #matrix and #riot? There are some guides that I've found but I'm unsure of the quality of them.

Ideally they'd be compatible as an apache2 site, so I could run it on the same server as my other sites.


 
Einbruch in Chatserver Matrix.org #Defacement #Github #Hacking #InstantMessenger #Matrix


 

The problem with ssh agent forwarding

After hacking the matrix.org website today, the attacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding]“.
#ssh #security #root #server #configuration #matrix #hack


 

Datenleck bei #Matrix


Diese E-Mail habe ich gerade erhalten:

System Security Notice for Matrix.org

On Thursday 11th of April, 2019 we identified and addressed a security issue affecting the matrix.org homeserver. You're receiving this email because you have an account on this homeserver.

An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, giving them access to any unencrypted message data, password hashes and access tokens (these access tokens have now been invalidated).

No plaintext passwords were leaked, but weak passwords could still be cracked from the hashed passwords. If you have not already done so you should change your password now.

If you have given an IRC bridge your NickServ password then you should change this password, too. There's no evidence bridge credentials were compromised, but we recommend changing this password as a precaution. We're still working to restore the IRC bridges, so for... show more


 

#Matrix: We have discovered and addressed a #security breach.


source: https://matrix.org/blog/2019/04/11/security-incident/

TL;DR: An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your #password now.


#hack #software #problem #warning #messenger


 

#Matrix: We have discovered and addressed a #security breach.


source: https://matrix.org/blog/2019/04/11/security-incident/

TL;DR: An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your #password now.


#hack #software #problem #warning #messenger


 
Bild/FotoJason Robinson wrote the following post Fri, 12 Apr 2019 14:31:34 +0200

It does prove the usefulness of #federation that through all the #Matrix outage, my account was not affected at all. Most of the people I chat to are on other servers than the one affected.

Federate ❤


 
Bild/Fotofridaysforfuture, but everyday wrote the following post Fri, 12 Apr 2019 10:01:20 +0200

hacker of matrix.org is giving a lesson on #infosec, through github issues at #matrix repo.
(thought server is compromised not the software)

I hoped they warned them befor doing.
If they did, and #matrix kept ignoring it, that's definatly a way to teach someone a lesson.

read here:
https://github.com/matrix-org/matrix.org/issues


 
Messenger: Matrix.org-Server gehackt. Die Software war wohl nicht betroffen.
Frankreich hatte sich vor kurzem entschieden, die Behörden mit Riot den Chat über die Matrix-Server zu starten.
#matrix #im #messenger


 

We have discovered and addressed a security breach - Matrix


https://matrix.org/blog/2019/04/11/security-incident/

If you have ever had an account on the matrix.org server, please reset the password and also any other sites passwords if you used the same password elsewhere.

More details by the team to follow.

#security #infosec #matrix


 
It does prove the usefulness of #federation that through all the #Matrix outage, my account was not affected at all. Most of the people I chat to are on other servers than the one affected.

Federate ❤


 
Mit Matrix.org ist einer der am meisten genutzten Server des Messengers Matrix gehackt worden. Betroffene sollten umgehend ihr Passwört ändern.
https://www.golem.de/news/messenger-matrix-org-server-gehackt-1904-140655.html
#Matrix #Synapse #Riot #Messenger


 

Matrix.org-Server gehackt - Riot


Mit Matrix.org ist einer der am meisten genutzten Server des Messengers Matrix gehackt worden. Betroffene sollten umgehend ihr Passwört ändern.
https://www.golem.de/news/messenger-matrix-org-server-gehackt-1904-140655.html
#Matrix #Synapse #Riot #Messenger


 
Messenger: Matrix.org-Server gehackt #Matrix #Datensicherheit #Ende-zu-Ende-Verschlüsselung #Hacker #InstantMessenger #Messenger #Passwort #Sicherheitslücke #Telekommunikation #Whatsapp


 

Incident with Matrix.org: Hacker's Story

GitHub issues of matrix.org pieced together as one "story":

I noticed in your blog post that you were talking about doing a postmortem and steps you need to take. As someone who is intimately familiar with your entire infrastructure, I thought I could help you out.

Complete compromise could have been avoided if developers were prohibited from using ForwardAgent yes or not using -A in their SSH commands. The flaws with agent forwarding are well documented.

Escalation could have been avoided if developers only had the access they absolutely required and did not have root access to all of the servers. I would like to take a moment to thank whichever developer forwarded their agent to Flywheel. Without you, none of this would have been possible.

Once I was in the network, a copy of your wiki really helped me out and I found that someone was forwarding 22226 to Flywheel. With jenkins access, this allowed me to add my own key to the host and make myself at home. There appeared to be no legitimate reaso
... show more


 
Matrix: "An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your password now."

Ups! Passwörter ändern!

https://matrix.org/blog/2019/04/11/security-incident/


#Matrix #Passwort #Hacking #Sicherheit


 

We have discovered and addressed a security breach - Matrix


https://matrix.org/blog/2019/04/11/security-incident/

If you have ever had an account on the matrix.org server, please reset the password and also any other sites passwords if you used the same password elsewhere.

More details by the team to follow.

#security #infosec #matrix


 
https://twitter.com/matrixdotorg/status/1116304867683905537
The developers of the platform for decentralized messaging Matrix have announced an emergency shutdown of the servers Matrix.org and Riot.im (the main client of the Matrix) in connection with the hacking of the project infrastructure. The first shutdown took place last night, after which the servers were restored, and the applications were reassembled from the source code. But later the servers were compromised a second time.
Bild/FotoOpenNews.opennet.ru: Общая лента новостей wrote the following... show more


 

We have discovered and addressed a security breach - Matrix


https://matrix.org/blog/2019/04/11/security-incident/

If you have ever had an account on the matrix.org server, please reset the password and also any other sites passwords if you used the same password elsewhere.

More details by the team to follow.

#security #infosec #matrix


 
Ist 'ne rhetorische Frage für mich. NATÜRLICH, würde ich!!! Und am liebsten in die Maschine, die mir vorgaukelt, gar nicht erst gewesen zu sein!

https://dia.so/3gd

https://dia.so/3ge

#antinatalismus #erlebnismaschine #leben #matrix #maya #illusion #allesFake #fakeNews


 
Ist 'ne rhetorische Frage für mich. NATÜRLICH, würde ich!!! Und am liebsten in die Maschine, die mir vorgaukelt, gar nicht erst gewesen zu sein! (siehe Schlagwort "Non-Natalisten"...)

#erlebnismaschine #matrix #non natalismus #hedonismus #leben #diePlackereiHierImWahnsinnDasIhrLebenNennt

Warkus' Welt: Ist das Leben mehr als die Summe aller Erlebnisse? - Spektrum der Wissenschaft


 

Matrix.org pwned!


An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your password now.




The hacker exploited a vulnerability in our production infrastructure (vulnerabilities in the groovy plugin in #Jenkins, multiplied by the incorrect setting of the CI sandbox). Homeservers other than matrix.org are unaffected.

Forensics are ongoing

#hack, #cybersec, #matrix, #securityincident


 
fridaysforfuture, but everyday - 2019-04-11 22:42:30 GMT
'if you're a matrix.org user you should change your password now.'

It's running again, but:
'The hacker exploited a vulnerability in our production infrastructure'

https://matrix.org/blog/2019/04/11/security-incident/

#infosec #matrix


 
Matrix.org publishes timeline after security breach:

https://matrix.org/blog/2019/04/11/security-incident/

– the attacker exploited vulnerabilities in Jenkins
– the attacker had full database access, including access to unencrypted content like private messages, passwords hashes, access tokens
– Matrix.org recommends changing your password (including NickServ password)

#matrix #breach #infosec #cybersecurity #security


 
https://todon.nl/@paulfree14/101909957892477960

'if you're a matrix.org user you should change your password now.'

It's running again, but:
'The hacker exploited a vulnerability in our production infrastructure'

https://matrix.org/blog/2019/04/11/security-incident/

#infosec #matrix


 
'if you're a matrix.org user you should change your password now.'

It's running again, but:
'The hacker exploited a vulnerability in our production infrastructure'

https://matrix.org/blog/2019/04/11/security-incident/

#infosec #matrix


 
Turns out that there was a successful compromise of the Matrix infrastructure happening.

Details from Matrix on Twitter: https://twitter.com/matrixdotorg/status/1116388572922302466

You may ask how that could happen, but more important: It didn't stay unnoticed and that's a good sign.

#Matrix #Riot #matrixDown #infosec


 
For those who run on Matrix.org and wonder why there is no connection:

Matrix announced an emergency maintenance… on Twitter:

https://twitter.com/matrixdotorg/status/1116304867683905537

Sadly @matrix didn't receive the love it deserves and informs the Fediverse.

Anyway, that's why we have a community. We compensate short coming of each other and together make sure the world becomes a better place!

#Matrix #matrixDown #riot


 
Les serveurs de matrix.org / riot.im et vector.im sont down suite à une attaque.

Ils remontent leur infrastructure from scratch...le chat Nuage Libre n'est pas affecté et fonctionne correctement, seules les intégrations (actuellement dépendantes de vector.im) sont inopérentes. Merci la décentralisation...

https://twitter.com/matrixdotorg

#matrix #riot #décentralisation #nuagelibre


 

🔥 Matrix.org was hacked 🔥


The matrix.org server is offline at the moment, it can take several hours until it is online again.
For further information see here (Mastodon)

#matrix #hack #offline #server


 
matrix.org is down due to some urgent security maintenance.
Meanwhile, please upvote decentralised identity tickets at their spec issues, this would eliminate homeserver as single point of failure for user accounts.

https://github.com/matrix-org/matrix-doc/issues/915
https://github.com/matrix-org/matrix-doc/issues/712

#matrix #matrixdotorg