2
deleted 2 points ago +2 / -0
3
bannedninjabit [S] 3 points ago +3 / -0

Seems like it. They were not a very large platform, so I can't really fault them. Much larger companies can afford large security teams. But now they are starting to gain a lot of popularity, they are going to need to devote more resources to security.

1
partisian 1 point ago +1 / -0

This is definitely true, it’s more difficult to secure yourself with fewer resources, however they didn’t follow the most basic protocol with their OAuth Tokens. Even after being compromised they didn’t reset the tokens, so the same individual just came back and ransacked the site over a few minutes. Finally, it’s using Mastodon where they have near real-time open source reporting where people who don’t like them have an opportunity to violate their vulnerabilities.

All this aside, Gab Search hasn’t worked for years. In the early days of the startup it worked, but like I said hasn’t worked in years. I gave up on Gab a long time ago because of this.

1
bannedninjabit [S] 1 point ago +1 / -0

I don't like the public forums for other reasons. I do hope that Gab does get a good sec team together however.

Something that recently sparked my interest is decentralized forums. Like on the Briar platform. Just the way it works seems interesting. (You add a contact, then they can add whoever, and so on.)