Bluesky Exploits
(github.com)
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 13 Sep 2023 20:32
https://inks.tedunangst.com/l/5032
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 13 Sep 2023 20:32
https://inks.tedunangst.com/l/5032
I have discovered a number of security vulnerabilities in Bluesky and atproto. Each time I’ve found something new, I’ve chosen to report it to Bluesky at security@bsky.app, as requested at https://bsky.app/.well-known/security.txt, and provide them with details. Bluesky has responded to only one of these reports, one time, 4 days after submission, saying “We appreciate the report, and we’ll be taking a closer look at the issue.”. They did not follow up on that report and they have not responded to any of my other reports.
threaded - newest