Orbiter

BDFL of Quilibrium, Eng @ Farcaster, ex-Coinbase, always opinionated, never hydrated

/quilibrium

Big thanks to @cassie for identifying a potential vulnerability in Orbiter’s code that I didn’t even know was a thing! Open source for the win! 

Should be all patched now. If anyone finds anything, please reach out. We can’t pay bounties but we can pay in shoutout casts 😂

Writer. Building @pinatacloud. Working on simple static site hosting https://orbiter.host \ https://polluterofminds.com

What's the retrospective on the issue, out of curiosity?

* higher rank in Tae Kwon Do than Vladimir Putin
* hobbies include finding new lows of dad jokes
* opinions are my own and I will DMCA anyone who copies them

It was a timing vulnerability where an attacker could guess the admin token for our nginx and analytics servers by guessing each character in the token and checking the time it takes for the request to fail to determine if a character in a specific position was right.

Ahh, timing attacks. They're truly timeless.