Post ACI2SEu0h2dreRdl0C by TimSueberkrueb@mastodon.social
(DIR) Post #ACHYIzAUpFdtcc1TZw by bortzmeyer@mastodon.gougere.fr
2021-10-12T08:02:19Z
0 likes, 1 repeats
This is a great achievement for the fediverse: it is now used by malware (in this case, to find the C&C, or C2, the Command and Control center where the malware will take instructions). https://www.bleepingcomputer.com/news/security/vidar-stealer-abuses-mastodon-to-silently-get-c2-configuration/ Do note the stupid remark (a typical one from some security fans) saying that the fediverse is not censored enough. (The account mentioned in the article is already suspended.)
(DIR) Post #ACHYVJAEJ9Nv71m3EW by bortzmeyer@mastodon.gougere.fr
2021-10-12T08:04:36Z
0 likes, 1 repeats
Malware already used DNS, IRC, XMPP, Web pages, Ethereum, Twitter, pads, to communicate with their C&C. Sooner or later, they had to try the fediverse. *Every* communication tool can be used this way. Sentences like "Mastodon a relatively under-moderated space" are really dumb. Do they expect a censor to check daily *all* the profiles, and notice that "scan:192.0.2.1" is an order to the malware?
(DIR) Post #ACHYkqIhOBMCEA8udE by selea@social.linux.pizza
2021-10-12T08:07:19Z
0 likes, 1 repeats
@bortzmeyer I can't understand why people are using this as an argument against Mastodon (or fediverse in general) while they are being forgiving against Instagram for having the same issues https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-britney-spears-instagram-posts-to-control-malware/
(DIR) Post #ACHZ0HAzkQpLvOtlzM by bortzmeyer@mastodon.gougere.fr
2021-10-12T08:10:12Z
0 likes, 0 repeats
I still wait to see malware using #Gemini to communicate with the C&C :-)
(DIR) Post #ACHbbovNR5fNDQcjDM by spent@social.chinwag.org
2021-10-12T08:39:05Z
0 likes, 0 repeats
@selea @bortzmeyer Who is using this as an argument against Mastodon?
(DIR) Post #ACHbhR6Ov3GB4OSRiC by bortzmeyer@mastodon.gougere.fr
2021-10-12T08:40:25Z
0 likes, 0 repeats
@spent @selea It is implied in the papers https://www.bleepingcomputer.com/news/security/vidar-stealer-abuses-mastodon-to-silently-get-c2-configuration https://heimdalsecurity.com/blog/vidar-stealer-returns-and-has-a-new-target-mastodon
(DIR) Post #ACHbwp9ZmOeM0VHS6q by spent@social.chinwag.org
2021-10-12T08:43:09Z
0 likes, 0 repeats
@bortzmeyer @selea But nothing in those articles is inherently negative towards Mastodon. It just states it was abused in a novel way.
(DIR) Post #ACHcCMMeaIJBLvnzgu by selea@social.linux.pizza
2021-10-12T08:45:44Z
0 likes, 0 repeats
@spent I have seen others saying that @bortzmeyer
(DIR) Post #ACHcENSfTcONKma3v6 by selea@social.linux.pizza
2021-10-12T08:46:04Z
0 likes, 0 repeats
@spent It was argued in a chat room a few days back lol @bortzmeyer
(DIR) Post #ACI2SEu0h2dreRdl0C by TimSueberkrueb@mastodon.social
2021-10-12T13:40:10Z
0 likes, 0 repeats
@bortzmeyer I tend to agree; it's not like they couldn't also encrypt or hide it (even in a picture or something).
(DIR) Post #ACK820cSABKvrgDvPs by abbe@bookwor.ms
2021-10-13T13:51:57Z
0 likes, 0 repeats
@bortzmeyer thank you for using documentation netblock, first time seeing it used as such :)
(DIR) Post #ACKAJVb2RZy4lo2Ai0 by bortzmeyer@mastodon.gougere.fr
2021-10-13T14:17:40Z
0 likes, 0 repeats
@abbe I write RFCs (where this is automatically checked), it helps :-)