Unangbangkay

Cohost of @unangbangkay on Twitter

Josh Tolentino | weeaboomer, Gamist
| work: RPG Site, Game Rant, Gamecritics | ex: Siliconera, Destructoid

Contacts in Carrd



lexi
@lexi

nitter link if you're not logged into the bird app

tl;dr someone found a bug i found 2 years ago and now they get all the credit, because i reported it, twitter didn't fix it and even the fucking vercel CEO has now seen it credited to someone else (and a lot of other spicy twitter details!)


lexi
@lexi

the reason why i did not just leak everything yet is because i asked them (a bit harshly) for the exact reason why i was banned. if they make up some bullshit i am immediately escalating this to the hackerone support to make someone's day significantly worse, and after doing that i am free. but until then, and until now, i have not broken the code of conduct >:3


widr
@widr

twitter has been so fucking bad about this that someone cobbled together, from various reports that have gone un-addressed and un-paid for over a year, an exploit where anyone who clicks on the wrong link on twitter has their account completely taken over. when this bug got out they panicked so bad that they broke every link on the whole site for hours trying to mitigate it.


found via Molly White: @molly0xFFF on twitter, @molly0xfff@hachyderm.io on mastodon, molly.wiki on bluesky and the internet



in reply to @lexi's post:

jesus christ these are bad lol

it's truly incredible what a powerful canary bad handling of bug reports makes for dangerous, low-quality software. mysql has the same problem: we haven't even bothered to try reporting multiple egregious bugs because it is a foregone conclusion that they will never be acknowledged or fixed. the scores of decades-old bugs they still have open are just the tip of the iceberg.

when bug reports aren't handled conscientiously, especially security-related ones, shit is truly going down the tubes and it's time to get out ASAP.

in reply to @lexi's post:

"hey, I reported a vuln to you"
"hey, that vuln I reported just got exploited"
"you've been banned from reporting vulns"

yeah definitely a sign of a great organization here, truly remarkable, highly trustworthy

I wish someone would just crack this site open like an egg already