Kevin Russell
Mozilla, makers of open source free Firefox, joined Mastodon last week. Mozilla began testing Mastodon security, including how their server responded to attacks and more.
They found 5 major flaws, threats, including the ability to take over a server, control a server, with a post.
With a post. TootRoot.
"Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking"
For 13 million users, #Mastodon NEEDS a security FOCUS.
Demand layers of protection.
Kevin Russell
WARNING: Phishing Attacks, HTML markup to hide urls, are now in Mastodon.
While Mastodon does not have markup to allow hiding urls, they share API with "friendica" and friendica ALLOW HIDING URLS.
And friendica accounts can post on Mastodon.
I have asked for a solution, none is forthcoming.
Click NO LINKS that come friendica. Be wary of links on Mastodon, as if Mastodon were "email" - without any protections.
Multiple reports of other fediverse branches allow hiding urls. No Clicking links
Bobinas P4G is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.
All Bobinas P4G content and data are available under the Creative Commons Attribution 3.0 license.