Andrew Torba / Gab (Gab.com / Gab.ai) / Dissenter (dissenter.com) - An incompetent captain sinking millions of other people's dollars.

[bigbombguy2222]

How fucking retarded do you have to be to not have any protection against SQL injections. Jesus Christ, Torba.

 

[66andtwothirds]

i'm not on alt tech sites because they are largely containment zones/insane asylums. but i saw that gab got hacked and all the user data will be leaked to journos or something? is this guy a boomer who doesn't know how to run a secure website?

 

[Carlgon McVaginalflap]

If anyone's curious here's the vulnerability: https://code.gab.com/gab/social/gab-social/-/commit/fb3b7545705153022c24bb072fbdb3925b8cbfeb

Fixed here: https://code.gab.com/gab/social/gab-social/-/commit/6e42e3b1eca73c306db1580719a3a1bfb715f6d8

 

[Carlgon McVaginalflap]

Assuming the Private Chats were not scraped and were actually securely encrypted, then the worst data that was breached were Private Profiles and Posts. But from my personal experience on Gab, barely anyone uses the private profile/posts settings anyways. Almost everything is Public.

Yeah it's still just Mastodon's scope system. It's not really designed for privacy in a security sense, just the social one.

Edit: Unless Chat has different privacy settings? I don't think it does though.

 

[AnOminous]

Instead the group says it will selectively share it with journalists, social scientists, and researchers.

So it will only be used for paid propagandists they agree with, to be used in out of context snippets just to defame their political enemies. Got it.

 

[bwill7]

It wasn't mentioned in the article but I wonder if IP address data were leaked

 

[Carlgon McVaginalflap]

It wasn't mentioned in the article but I wonder if IP address data were leaked

Mastodon stores them, so almost certainly yes.

Gab just violated the AGPL and closed their source code. Would be interesting if Eugene sued them. Probably won't happen though.

 

[Arm Pit Cream]

Regardless of the hack's effects and size(which seems small), raving about gangs of demonic troon super hackers is an awful way to respond to the situation.

 

[bwill7]

Mastodon stores them, so almost certainly yes.

So people could be potentially doxxed using their IP Address?

 

[Carlgon McVaginalflap]

So people could be potentially doxxed using their IP Address?

I guess they could to a certain extent, yeah. Hopefully most people who take the step outside normieville know to use a VPN though.

In any case, the fact that instead of being transparent they've hidden their code is enough for me to write these faggots off. I've more than given Gab a fair shake because I like some of the developers but they're showing they have no interest in learning. Instead they'll just keep writing spaghetti code behind closed doors.

 

[bwill7]

I guess they could to a certain extent, yeah. Hopefully most people who take the step outside normieville know to use a VPN though.

In any case, the fact that instead of being transparent they've hidden their code is enough for me to write these faggots off. I've more than given Gab a fair shake because I like some of the developers but they're showing they have no interest in learning. Instead they'll just keep writing spaghetti code behind closed doors.

Hopefully it's just temporary so they can patch up their code. But if they don't make their source code public within a week, I'm done with Gab.

Maybe I should have never trusted a Slav in the first place LOL

 

[Carlgon McVaginalflap]

But if they don't make their source code public within a week, I'm done with Gab.

They won't. The only reason it was public in the first place is because there's no way out of the AGPL. They always close their source when they fork a project except when they aren't allowed to.

Just get federated if you need something like Gab. Lots of good people on kiwifarms.cc

 

[bwill7]

They just updated their ReadMe file, whatever this means:

 

[CIAnIUMU]

Torba is currently sperging out on Twitter, trying to get DDoSecrets’ payment venues taken down.

https://twitter.com/getongab/status/1366582733896622081?s=21

He also made a blog post about how he doesn’t “negotiate with extortionists.”

https://news.gab.com/2021/03/01/gab-does-not-negotiate-with-criminal-demons/#more-2730

 

[bwill7]

Torba is currently sperging out on Twitter, trying to get DDoSecrets’ payment venues taken down.

https://twitter.com/getongab/status/1366582733896622081?s=21

He also made a blog post about how he doesn’t “negotiate with extortionists.”

https://news.gab.com/2021/03/01/gab-does-not-negotiate-with-criminal-demons/#more-2730

How would he know the person demanding the ransom is actually the hacker and not some random troll?

 

[CIAnIUMU]

How would he know the person demanding the ransom is actually the hacker and not some random troll?

This was posted to his profile earlier today, so maybe that’s how, idk

 

[bwill7]

LOL I wonder if some random person is pushing commits (Commit Linked Here)

 

[Dread First]

Considering how Gab forked Mastodon, doesn't this spell alarming implications for Mastodon instances everywhere else that are potentially vulnerable to similar exploits?

 

[AnOminous]

Considering how Gab forked Mastodon, doesn't this spell alarming implications for Mastodon instances everywhere else that are potentially vulnerable to similar exploits?

I'd bet dollars to doughnuts it's a vulnerability added by Gab's incompetence and wasn't in Mastodon itself.

 

[Random Internet Person]

View attachment 1962048

This was posted to his profile earlier today, so maybe that’s how, idk

Well, they know the best way to destroy a conservative is to probably paint them as a hypocrite.