lucypaw Lucy
@kirimuffin The good news is any indexing will fail if people try to follow the link but there may be an index.

August 11, 2012 #

AmyDentata Amy Dentata
@lucypaw @kirimuffin What the hell was his intent? That's not how you whitehat.

August 11, 2012 #

lucypaw Lucy
@AmyDentata @kirimuffin To show faily a walled garden #fetlife is? I dunno. He's not a whitehat. He's an arsehat.

August 11, 2012 #

AmyDentata Amy Dentata
@lucypaw @kirimuffin If he actually cared about security he should have mentioned the exploit to the site admins. What an ass.

August 11, 2012 #

lucypaw Lucy
@AmyDentata @kirimuffin He doesn't care about security, he just doesn't like #fetlife any more and wants to hurt it.

August 11, 2012 #

mailmare Susan Werner
.@AmyDentata @lucypaw @kirimuffin He and others have mentioned it to site admins many many times before..and it's *not an exploit* >>>

August 12, 2012 #

mailmare Susan Werner
.@AmyDentata @lucypaw @kirimuffin >> it's just using publicly posted usernames/passwords on bugmenot and automatically feeding them to FL.

August 12, 2012 #

mailmare Susan Werner
.@AmyDentata @lucypaw @kirimuffin there's few fixes for this "vulnerability" except intrusive stuff--like doing a captcha to see every page

August 12, 2012 #

mailmare Susan Werner
.@AmyDentata @lucypaw @kirimuffin (this is not endorsement for what he did - I don't quite agree with it but for reasons not yet public)

August 12, 2012 #

AmyDentata Amy Dentata
@mailmare @lucypaw @kirimuffin Releasing information to the public like that is a dick move no matter which way you slice it.

August 12, 2012 #

mailmare Susan Werner
.@AmyDentata @lucypaw @kirimuffin All that information was already public and was already being accessed in ways fully allowed by fetlife >>

August 12, 2012 #

lucypaw Lucy
@mailmare @AmyDentata @kirimuffin Define "public" because I was under the impression I still own copyright to my stuff. Am I wrong? How?

August 12, 2012 #

mailmare Susan Werner
.@AmyDentata @lucypaw @kirimuffin >>.it's not a dick move to engage in full disclosure when non-full disclosure has not induced a fix. >>>

August 12, 2012 #

AmyDentata Amy Dentata
@mailmare @lucypaw @kirimuffin Why isn't this story mentioned on the page itself?

August 12, 2012 #

mailmare Susan Werner
.@AmyDentata @lucypaw @kirimuffin >>> all full-disclosure does is even the playing field -- people who would abuse this information had >>>>

August 12, 2012 #

mailmare Susan Werner
.@AmyDentata @lucypaw @kirimuffin >>>> already known about it a long time ago, and those at risk didn't know it: en.wikipedia.org/wiki/Full_disc…

August 12, 2012 #

maymaym maymaym
I did @AmyDentata—for years: maybemaimed.com/2011/03/20/fet… maybemaimed.com/2011/08/08/bac… Presuming I didn't is insulting & reveals massive ignorance. #FetLife

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym Actually no it doesn't. I don't read your website. You should have included even a mention of this history in the post.

August 12, 2012 #

maymaym maymaym
@AmyDentata I did. I put links fuckin' everywhere. Follow. days.maybemaimed.com/post/290441194… Those. Links. tiny.cc/fetlife-proble… Why. Is. That. So. Hard?

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym Those aren't linked to on the post about the proxy, nor is the history mentioned. Most people on FetLife don't read your blog.

August 12, 2012 #

maymaym maymaym
@AmyDentata If I link, they tell me I'm "self-promoting." If I don't link, you make malicious assumptions about me. Both are tone arguments.

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym No it's not. Saying "hey, FetLife has a history of security issues which they never fixed–here's an example" is all you need to do.

August 12, 2012 #

maymaym maymaym
@AmyDentata You're right, I could've done that. I'm SO sorry for my several year history of doing exactly that, getting absolutely no where.

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym If you had mentioned that in this post, I and others would have reacted very differently.

August 12, 2012 #

maymaym maymaym
@AmyDentata If I had done that, I fear I would've been ignored yet again. I could be wrong, but I was done w/self-preservation. News spread.

August 12, 2012 #

maymaym maymaym
@AmyDentata It astounds me ppl so versed in what silencing looks like blame me for changing my tone+tactic after years of being brushed off.

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym You're getting the word out at least, and I do applaud you for that.

August 12, 2012 #

maymaym maymaym
@AmyDentata Well, gee, thanks. Maybe you can be even more helpful next time and not start talking shit when you know you're missing context.

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym I *didn't* know I was missing context. I didn't know FetLife was insecure, so this looked like blatant trolling.

August 12, 2012 #

maymaym maymaym
@AmyDentata Okay—fair 'nuff. And now you know differently. I reiterate, maybe next time you won't be so quick to jump to conclusions. Maybe.

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym I will make an effort not to.

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym Welcome to Tumblr. Next time you do something like that, it would be wise to mention the history & intent in the post itself.

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym Doing something like that is going to create a huge reaction, understandably, because not everyone knows the story.

August 12, 2012 #

AmyDentata Amy Dentata
@maymaym Maybe keep that in mind next time you decide to publicly link to information assumed (incorrectly or not) to be private?

August 12, 2012 #