
For the sake of accuracy, it’s worth pointing out that points 2 through 5 were implementation bugs resolved in https://matrix.org/blog/2022/09/28/upgrade-now-to-address-en.... They are not current attacks, despite the present tense used to describe them in the parent post.



re: implementation bugs: Almost, but not quite. See https://nebuchadnezzar-megolm.github.io/#anticipated-questio...

Also note that in the review of the ecosystem, the Matrix developers, i.e. you :), also discovered further clients vulnerable to variants of attack #3 and assigned CVE-2022-39252, CVE-2022-39254 and CVE-2022-39264.

While I'm here, yep those seem fixed also as far as we can tell: https://nebuchadnezzar-megolm.github.io/#remediesfixes



