Super Testnet on Nostr: 40 minutes ago an anigma user claiming to be a security researcher contacted me to ...
40 minutes ago an anigma user claiming to be a security researcher contacted me to inform me of a vulnerability on anigma. He definitively demonstrated that he knew my private key and gave plausible evidence it was because anigma had a vulnerability to cross site scripting. He informed me of a way to resolve the issue and I did as he suggested. He asks me to inform everyone that this vulnerability has been live practically since anigma started so everyone who has used it should get new private keys.
Published at
2022-12-16 10:44:20Event JSON
{
"id": "f0f001d0cd4f7ccfb6a65ae715cd104a8488097a38949ba323730ce66a22665e",
"pubkey": "2183e94758481d0f124fbd93c56ccaa45e7e545ceeb8d52848f98253f497b975",
"created_at": 1671187460,
"kind": 1,
"tags": [],
"content": "40 minutes ago an anigma user claiming to be a security researcher contacted me to inform me of a vulnerability on anigma. He definitively demonstrated that he knew my private key and gave plausible evidence it was because anigma had a vulnerability to cross site scripting. He informed me of a way to resolve the issue and I did as he suggested. He asks me to inform everyone that this vulnerability has been live practically since anigma started so everyone who has used it should get new private keys.",
"sig": "2f45242f3a61b295a35737a72dabf501e42218d7e13a4f29b0e4fefbf53ba661497ac90302a11e19085df82aee4a77917ac5b6df88a1513992c6d3b3a546bf09"
}
