
What if the hackers come for us?

Gab - hacked. Truth Social - hacked. What if they come for us? The rdrama codebase probably isn't perfectly secure! Chrome or Firefox has layers of sandboxes, a hundred different gadgets like 'stack protection' or 'W xor X', and still has a new RCE every week. rdrama can probably be trivially owned if someone googles all the dependency versions for a few hours. Also, lol commit history, 'sneed'. If that happens - what leaks? I guess just associations between stored IP addresses (if they are) and post histories. And IP can reveal a lot, or nothing, depending on where you live, ISP, etc. Combine that with a post history referencing improvements you made to your house or your occupation ... might be bad.

Practically, seems incredibly unlikely anyone will care enough to do anything, it's a small community and the essay format gets in the way of 'omg these rightwingers grr'. But, always good to ponder potential security issues. Also, you wanted content, so content.


Eh. Googling 'flask RCE' shows a few.

And web servers regularly get owned by leaving API keys open, configuring something wrong, too. Maybe you use Azure, and the part of Azure you're using is broken. Maybe your web server is perfect but your Cloudflare password is 'marseeeeeey2' without 2FA and you get owned that way.

But it seems unlikely enough that there's anything serious that I'm not actively worrying about it.

I guarantee someone sufficiently motivated could be inside rdrama in a week or two. But I highly doubt anyone is.