Slack is rushing to solve a major problem related to Slack Connect
Yesterday we reported that the well-known Slack software introduced the new "Slack Connect" feature, which allows you to send messages or create shared channels even with people outside your organization. The company's goal was to provide a tool for communicating faster with partners, improving customer relationships by offering high-level support with dramatically shorter response times and, overall, increasing productivity.
However, the implementation appears to have fallen short: users immediately noticed a rather significant problem. Slack Connect could be misused, as malicious individuals could send invitations containing inappropriate language that cannot be filtered, because they come from a generic Slack address, as Twitter user Menotti Minutillo pointed out.
well that was easy as shit to abuse
- send invite with nasty language
- slack emails you w/ the full content of the invite
- can't block the emails because they come from a generic slack address that informs you of invites
- abuser can keep inviting w/ abusive language https://t.co/Mw9W5L251a pic.twitter.com/dWEAD7ccRO
- Menotti Minutillo (@ 44) March 24, 2021
Apparently, in just 24 hours, Slack decided to solve the problem by disabling the ability to customize the message attached to direct message invitations in Slack Connect, as explained by Jonathan Prince, Vice President of Communications and Company policy:
After we launched Slack Connect Direct Messages this morning, we have received invaluable feedback from our users on how email invitations can use the feature to send potentially offensive or harassing messages. We are taking immediate steps to prevent this type of abuse starting today by removing the ability to customize a message when a user invites someone to Slack Connect. Slack Connect's security features and robust administrative controls are a key part of its value for both individual users and their organizations. We made a mistake in this initial launch that is inconsistent with our goals for the product and typical Slack Connect experience. As always, we are grateful to all those who have expressed their opinion and we are committed to solving this problem.
Although the speed with which Slack decided to address the situation is commendable, it seems rather unusual that this was not noticed before the service was officially launched.