Several critical bugs on the Twitter-like social media platform Mastodon were patched last week, after researchers funded by the Mozilla Foundation tipped their hat to the vulnerabilities. The situation shows one of the fundamental tradeoffs in open-source software development: that publicly available code can be reviewed and exploited by anyone.
Sometimes that means bugs are found by so-called white hat hackers, and sometimes they’re left open to be exploited. In Mastodon’s case, Mozilla paid German security firm Cure53 to pen test the social network, after announcing plans it would be using Mastodon for some corporate communications.
This is an excerpt from The Node newsletter, a daily roundup of the most pivotal crypto news on CoinDesk and beyond. You can subscribe to get the full newsletter here.
Especially in the post-Elon-Musk-buyout Twitter era, Mastodon has become one of the most popular decentralized applications used by everyday folk. Mastodon calls itself a “federation” because it consists of several thousand separate “instances” that serve people content (unlike at companies like Twitter or Facebook, which maintain their own servers). Anyone can run their own or ask to join another instance, which can set their own moderation standards.
Not much has been revealed about the five bugs that were patched, though independent security researcher Kevin Beaumont, writing on Mastodon, said one potential exploit dubbed #TootRoot could have given hackers root access to Mastodon instances – which could have caused all types of issues including compromised accounts and other phishing schemes.
See also: Crypto Hackers Tend to Return Stolen Money: TRM Labs
Mastodon gGmbH, the organization that maintains Mastodon’s open source software, rated one other bug as critical and the three others as high and medium in severity. Large servers were also sent pre-announcements about the security holes in recent weeks, so they could be ready to quickly deploy a patch when it went live, according to Ars Technica.
As far as I can tell, none of Mastodon’s 14.5 million users were affected by the bad lines of code, which seem to have been unexploited. But the situation does raise some uncomfortable concerns, including how long the critical issues would have sat dormant had Mozilla not been…
Click Here to Read the Full Original Article at Cryptocurrencies Feed…
