I just got RickRolled by the Vivokey app

There was a notification that said Yeka is Testing and when I clicked on it I got RickRolled. :rofl:


im more worried you clicked it but equally alarming is that any user seems to be able to send everyone push notifications… im going to assume this bug is going to get fixed pretty quick.


got that massage too :grinning_face_with_smiling_eyes:

1 Like

Me too.

1 Like

Just ask him what’s up. Hey @yeka , what’s up?

I just clicked it, I saw vivokey pop up, and was super confused.

What if he works there?

1 Like

was wondering what that was about hahaha

Yes sorry. I fucked up. Shouldn’t have happened.

Riley and Amal are informed.


No worries, I’ve done MUCH worse! LOL!

1 Like

@yeka is doing security testing of the VivoKey platform and endpoints and found a possible vuln. It’s not an ideal test method but it got the point across :slight_smile:


I just feel that a device / ecosystem where the emphasis is on security that getting a rick roll link from a user gives a pretty shitty image even more so if he worked there.


yeah… as I said, not ideal… but ultimately glad to be finding any possible issues so we can shore them up


in short there is an admin feature that I can use on my vivokey app to send these notifications out… he found a way to send a notification without being me essentially. that’s the nature of this issue.


I see that. It was very unprofessional and I really apologize.

I have no excuse.

It was definitely just stupid, childish and easily preventable. For a brief moment I found it funny when it worked, but then I realized my mistake.

I know how bad it must look.:frowning:
I didn’t think about that.

I should have looked for ways to verify this bug without notifying everyone. And there are many, like not testing it on the production system. Or at the very least I could have used a more legit looking popup…


My thoughts on the matter:


Everybody makes mistakes. It brightened my morning a little tbh, got a good chuckle out of me when I woke up and saw the notification. I was able to infer what happened.

If, because of you finding that bug, the worst that happens is a rickroll rather than someone else sending a malicious link to every Vivokey user?


It looks a little unprofessional, sure, but not nearly as bad as if it was found and exploited by someone with bad intentions.

Obviously my POV is gonna be different than Amal, Devilclarke, or others, but I’d try not to be too hard on yourself about it.

AFIAK, the vast majority of the Vivokey community are still enthusiasts. Hopefully that’ll change soon, and there’ll be wider adoption (especially for the sake of payments), but at the moment, I doubt many people cared. Shit like this happens, but it’s paving the road for the future of the platform. That’s what matters. Plus, I doubt you’ll make that mistake again :wink:


Personally, I loved it.

Could have been worse.


No issues from me whatsoever buddy, I also found it funny.

Knowing your skillset and knowing you are a community insider.
I just assumed it was security testing.

Keep finding and plugging those holes.

Loving your work @yeka


I accept that and I appreciate you understanding where I’m coming from. I’m appreciative the bug was found by someone without malicious intent so no harm done :slight_smile: