ICT Security-Sécurité PC et Internet
87.1K views | +0 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Critical TootRoot bug lets attackers hijack Mastodon servers

Critical TootRoot bug lets attackers hijack Mastodon servers | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - July 7, 2023 6:44 PM

Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical that allows hackers to create arbitrary files on the server using specially crafted media files.

Mastodon has about 8.8 million users spread across 13,000 separate servers (instances) hosted by volunteers to support distinct yet inter-connected (federated) communities.

All the four issues fixed were discovered by independent auditors at Cure53, a company that provides penetration testing for online services. The auditors inspected Mastodon's code at Mozilla's request.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 

 

Gust MEES's insight:

Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical that allows hackers to create arbitrary files on the server using specially crafted media files.

Mastodon has about 8.8 million users spread across 13,000 separate servers (instances) hosted by volunteers to support distinct yet inter-connected (federated) communities.

All the four issues fixed were discovered by independent auditors at Cure53, a company that provides penetration testing for online services. The auditors inspected Mastodon's code at Mozilla's request.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 

 

more...
Scooped by Gust MEES
Scoop.it!

Twitter-Alternative: Datenleck bei Mastodon.social 

Twitter-Alternative: Datenleck bei Mastodon.social  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.golem.de - March 17, 2023 3:12 PM

Mehrere Mastodon-Nutzer wurden kürzlich über einen "Security Incident auf Mastodon.social" informiert, dem originalen Server, der durch die Mastodon gGmbH betrieben wird. Durch eine Fehlkonfiguration konnten demnach Dritte alle Daten von files.mastodon.social abrufen.

Die meisten der dort abgelegten Dateien sind zwar ohnehin öffentlich einsehbar, darunter die Profilbilder, benutzerdefinierte Emojis, Bilder und Videos, allerdings nicht alle: Auch die von Nutzern angeforderten Datenexporte wurden hier abgelegt, in denen auch nicht-öffentlich geteilte Beiträge enthalten sind.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 

 

Gust MEES's insight:

Mehrere Mastodon-Nutzer wurden kürzlich über einen "Security Incident auf Mastodon.social" informiert, dem originalen Server, der durch die Mastodon gGmbH betrieben wird. Durch eine Fehlkonfiguration konnten demnach Dritte alle Daten von files.mastodon.social abrufen.

Die meisten der dort abgelegten Dateien sind zwar ohnehin öffentlich einsehbar, darunter die Profilbilder, benutzerdefinierte Emojis, Bilder und Videos, allerdings nicht alle: Auch die von Nutzern angeforderten Datenexporte wurden hier abgelegt, in denen auch nicht-öffentlich geteilte Beiträge enthalten sind.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 

more...
No comment yet.
Sign up to comment
Rescooped by Gust MEES from Social Media and its influence
Scoop.it!

New social media site Mastodon potential cyber-security tar pit | #Awareness

New social media site Mastodon potential cyber-security tar pit | #Awareness | ICT Security-Sécurité PC et Internet | Scoop.it
From www.scmagazineuk.com - December 5, 2018 7:49 PM
A new social media network named Mastodon popped up a few months ago and is designed to deliver a decentralised, open-source experience, but its this unique structure that may make its members vulnerable to cyber-attacks.


Malwarebyte's researcher Zammis Clark blogged that the decentralised nature of the site's construction, which he said helps eliminate ads, a primary selling point for users, also leaves the social network open to hackers. The site is very different from Facebook, Twitter and other networks.
Instead of being hosted by a corporate entity on its server system Mastodon members can set up their own server if they wish, called in “instance” by the Mastodon community, and then have people join Mastodon through that server. But here is where the problem arises.


Each person's “instance” receives a special domain name, for example mastodon.instance1, and anyone registering on that instance would receive a username like johnsmith.mastodon.instance1.


Where things go awry, Clark said, is the usernames can be replicated across all the "instances", so on mastodon.instance2 there could be a johnsmith.mastodon.instance2. This creates a situation where there are no verified accounts.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet

 

more...
Gust MEES's curator insight, April 21, 2017 4:12 PM
A new social media network named Mastodon popped up a few months ago and is designed to deliver a decentralised, open-source experience, but its this unique structure that may make its members vulnerable to cyber-attacks.


Malwarebyte's researcher Zammis Clark blogged that the decentralised nature of the site's construction, which he said helps eliminate ads, a primary selling point for users, also leaves the social network open to hackers. The site is very different from Facebook, Twitter and other networks.
Instead of being hosted by a corporate entity on its server system Mastodon members can set up their own server if they wish, called in “instance” by the Mastodon community, and then have people join Mastodon through that server. But here is where the problem arises.


Each person's “instance” receives a special domain name, for example mastodon.instance1, and anyone registering on that instance would receive a username like johnsmith.mastodon.instance1.


Where things go awry, Clark said, is the usernames can be replicated across all the "instances", so on mastodon.instance2 there could be a johnsmith.mastodon.instance2. This creates a situation where there are no verified accounts.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet

 
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Tootroot: Mastodon-Instanzen ließen sich durch spezielle Toots kapern - Golem.de

Tootroot: Mastodon-Instanzen ließen sich durch spezielle Toots kapern - Golem.de | ICT Security-Sécurité PC et Internet | Scoop.it
From www.golem.de - July 7, 2023 6:28 AM

Die Entwickler der quelloffenen Software hinter dem sozialen Netzwerk Mastodon haben kürzlich ein Sicherheitsupdate für die aufstrebende Twitter-Alternative veröffentlicht. Damit behoben sie insgesamt fünf Schwachstellen, von denen eine es Hackern ermöglichte, ganze Mastodon-Instanzen zu kapern. Auf Github heißt es zu der als CVE-2023-36460 registrierten Sicherheitslücke, sie erlaube es "Angreifern, jede Datei zu erstellen und zu überschreiben, auf die Mastodon Zugriff hat". Dadurch seien etwa Denial-of-Service-Angriffe oder eine beliebige Codeausführung aus der Ferne (RCE) umsetzbar.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 

 

Gust MEES's insight:

Die Entwickler der quelloffenen Software hinter dem sozialen Netzwerk Mastodon haben kürzlich ein Sicherheitsupdate für die aufstrebende Twitter-Alternative veröffentlicht. Damit behoben sie insgesamt fünf Schwachstellen, von denen eine es Hackern ermöglichte, ganze Mastodon-Instanzen zu kapern. Auf Github heißt es zu der als CVE-2023-36460 registrierten Sicherheitslücke, sie erlaube es "Angreifern, jede Datei zu erstellen und zu überschreiben, auf die Mastodon Zugriff hat". Dadurch seien etwa Denial-of-Service-Angriffe oder eine beliebige Codeausführung aus der Ferne (RCE) umsetzbar.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 

 

more...
No comment yet.
Sign up to comment
Rescooped by Gust MEES from Social Media and its influence
Scoop.it!

Like Twitter But Hate the Trolls? Try Mastodon | #SocialMedia #ICT | BUT #Awareness about #CyberSecurity

Like Twitter But Hate the Trolls? Try Mastodon | #SocialMedia #ICT | BUT #Awareness about #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it
From www.wired.com - December 5, 2018 7:49 PM
Twitter’s been combatting harassment for years. The latest effort: quelling its horde of anonymous, hostile egg accounts. But for many users, Twitter’s abuse problem has long since undermined its value as a platform for creative communication. That’s what makes Mastodon—a free, open-source, and increasingly popular six-month-old Twitter alternative—so intriguing.

Mastodon has created a diverse yet welcoming online environment by doing exactly what Twitter won’t: letting its community make the rules. The platform consists of various user-created networks, called instances, each of which determines its own laws. One instance could ban sexist jokes and Nazi logos, while another might practice radically free speech. (In this way, Mastodon is not unlike a network of discretely moderated message boards crossed with a Tweetdeck-like interface.) Users choose for themselves which instance they want to join and select from a host of privacy and anti-harassment settings.

 

Oh, and the character limit is 500, not 140. In essence, Mastodon is an experiment in whether individually moderated communities can make a social network like Twitter more civil.

 

Learn more / En savoir plus / Mehr erfahren:

 

New social media site Mastodon potential cyber-security tar pit | #Awareness

 

 

http://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 

more...
Gust MEES's curator insight, April 25, 2017 6:03 PM
Twitter’s been combatting harassment for years. The latest effort: quelling its horde of anonymous, hostile egg accounts. But for many users, Twitter’s abuse problem has long since undermined its value as a platform for creative communication. That’s what makes Mastodon—a free, open-source, and increasingly popular six-month-old Twitter alternative—so intriguing.

Mastodon has created a diverse yet welcoming online environment by doing exactly what Twitter won’t: letting its community make the rules. The platform consists of various user-created networks, called instances, each of which determines its own laws. One instance could ban sexist jokes and Nazi logos, while another might practice radically free speech. (In this way, Mastodon is not unlike a network of discretely moderated message boards crossed with a Tweetdeck-like interface.) Users choose for themselves which instance they want to join and select from a host of privacy and anti-harassment settings.

 

Oh, and the character limit is 500, not 140. In essence, Mastodon is an experiment in whether individually moderated communities can make a social network like Twitter more civil.

 

Learn more / En savoir plus / Mehr erfahren:

 

New social media site Mastodon potential cyber-security tar pit | #Awareness 

 

http://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn