@drakos we had our servers secured and backups in place. Who did this knew where to act. We are verifying with those who had the possibility to work on our servers directly if there was anything that may have opened a security breach. Literally anything can be hacked. Today was our turn. We are not looking for any excuse. We have been plain honest on what happened here.
You are viewing a single comment's thread from:
When did you last have a penetration test against the web application?
That sucks. Good luck finding the culprit.
Saya tidak khawatir akan hal seperti ini, karena saya yakin @utopian-io mempunyai sistem keamanan yang bagus, semoga tidak ada newbie yang korban disini.
@heimindanger we had background processes in place to broadcast actions required for our system to work on behalf of the users. Without having an offline token for that, I don't see how could we have achieved such functionalities. Do you have a suggestions for this?
@heimindanger we had a review system in place, where users could make a poll to verify the quality of the post and the final score stored in the blockchain for the original post, among with other similar functionalities. You can't just request for a user consent on every single operation that makes the site functional.
Working with compromises is always hard. Any established social media platform has a solid Oauth system in place and we should focus on how we could implement the most secure and customisable tool, while not hurting the user experience. I believe there is room for improvements on that. Hacks happen everywhere and at any level, it is always a question of how you could minify the consequences. Obviously we were not ready for this.
I think every one will agree that in all the systems we can find some problems wich we can use for overself. Hackers are trying to find probelms in systems and to make 100% secure system i think is imposibble.