Post APnwtNdWh8x3FGiWIa by PawelK@qoto.org
(DIR) Post #APnvF7SJKsrZWWi2bY by PawelK@qoto.org
2022-11-20T19:07:32Z
0 likes, 0 repeats
Minor security hole in ActivityPub, or rather Mastodon, detected. Controlling one server, you can make one or more accounts there appear to have more followers than the user really has. Cc @Gargron Details: https://twitter.com/vxunderground/status/1594017130214789121?s=20&t=jvCzZkcXfLWGw3WzmIC1Og
(DIR) Post #APnwFexYruVROA9F4q by taz@qoto.org
2022-11-20T19:18:51Z
0 likes, 0 repeats
@PawelK @Gargron That's not really a security hole. No data is compromised. But it does highlight a big weakness in the federation model used here.
(DIR) Post #APnwtNdWh8x3FGiWIa by PawelK@qoto.org
2022-11-20T19:26:02Z
0 likes, 0 repeats
@taz @Gargron Hmm, the lack of a trust mechanism between servers makes all data returned by any and all servers untrustable.
(DIR) Post #APnx6i7XqXl4XZ79lY by taz@qoto.org
2022-11-20T19:28:26Z
0 likes, 0 repeats
@PawelK @Gargron But that is how federation works! You either trust the source or you don't. A source providing bad or untrustworthy information isn't a security hole because it cannot compromise the receiving server or its users in any way. AND there is already a way to deal with this: instance admins can block untrustworthy servers. So simple, a caveman can do it.
(DIR) Post #APnx8s181SFJoT8vMu by taz@qoto.org
2022-11-20T19:28:51Z
0 likes, 0 repeats
@PawelK @Gargron But that is how federation works! You either trust the source or you don't. A source providing bad or untrustworthy information isn't a security hole because it cannot compromise the receiving server or its users in any way. AND there is already a way to deal with this: instance admins can block untrustworthy servers. So simple, a caveman can do it.