mailmareSusan Werner
.@AmyDentata @lucypaw @kirimuffin He and others have mentioned it to site admins many many times before..and it's *not an exploit* >>>
mailmareSusan Werner
.@AmyDentata @lucypaw @kirimuffin >> it's just using publicly posted usernames/passwords on bugmenot and automatically feeding them to FL.
mailmareSusan Werner
.@AmyDentata @lucypaw @kirimuffin there's few fixes for this "vulnerability" except intrusive stuff--like doing a captcha to see every page
mailmareSusan Werner
.@AmyDentata @lucypaw @kirimuffin (this is not endorsement for what he did - I don't quite agree with it but for reasons not yet public)
mailmareSusan Werner
.@AmyDentata @lucypaw @kirimuffin All that information was already public and was already being accessed in ways fully allowed by fetlife >>
mailmareSusan Werner
.@AmyDentata @lucypaw @kirimuffin >>.it's not a dick move to engage in full disclosure when non-full disclosure has not induced a fix. >>>
mailmareSusan Werner
.@AmyDentata @lucypaw @kirimuffin >>> all full-disclosure does is even the playing field -- people who would abuse this information had >>>>
mailmareSusan Werner
.@AmyDentata @lucypaw @kirimuffin >>>> already known about it a long time ago, and those at risk didn't know it: en.wikipedia.org/wiki/Full_disc…
AmyDentataAmy Dentata
@maymaym Those aren't linked to on the post about the proxy, nor is the history mentioned. Most people on FetLife don't read your blog.
maymaymmaymaym
@AmyDentata If I link, they tell me I'm "self-promoting." If I don't link, you make malicious assumptions about me. Both are tone arguments.
AmyDentataAmy Dentata
@maymaym No it's not. Saying "hey, FetLife has a history of security issues which they never fixed–here's an example" is all you need to do.
maymaymmaymaym
@AmyDentata You're right, I could've done that. I'm SO sorry for my several year history of doing exactly that, getting absolutely no where.
maymaymmaymaym
@AmyDentata If I had done that, I fear I would've been ignored yet again. I could be wrong, but I was done w/self-preservation. News spread.
maymaymmaymaym
@AmyDentata It astounds me ppl so versed in what silencing looks like blame me for changing my tone+tactic after years of being brushed off.
maymaymmaymaym
@AmyDentata Well, gee, thanks. Maybe you can be even more helpful next time and not start talking shit when you know you're missing context.
maymaymmaymaym
@AmyDentata Okay—fair 'nuff. And now you know differently. I reiterate, maybe next time you won't be so quick to jump to conclusions. Maybe.
AmyDentataAmy Dentata
@maymaym Welcome to Tumblr. Next time you do something like that, it would be wise to mention the history & intent in the post itself.
AmyDentataAmy Dentata
@maymaym Maybe keep that in mind next time you decide to publicly link to information assumed (incorrectly or not) to be private?