Post AQGJ03avDBvTSFnLvs by fsnk@mastodon.acc.sunet.se
(DIR) Post #AQFJvF336bTWKGG8Dw by jerry@infosec.exchange
2022-12-03T23:02:20Z
0 likes, 0 repeats
⚠️Idea for the fediverse⚠️
Earlier today, @fsnk pinged me with a great idea to create a CERT for the fediverse. See (https://mastodon.acc.sunet.se/@fsnk/109450216490898680).
Given the events of today, I really think this is something we could benefit from. We do have #fediblock, but that is intended to serve a different purpose. I can see a need for a coordination/alerting capability for security threats, vulnerability notices, and so on.
Does anyone else think this is a good idea or bad idea? Is there something already like this? Would any of you be interested in contributing to such a thing?
(DIR) Post #AQFJvFkeUULyVUexBg by mansr@society.oftrolls.com
2022-12-04T00:21:15Z
0 likes, 0 repeats
@jerry @fsnk Good idea. Coordinated sharing of info relating to threats to the infrastructure, as opposed to the nature of content, seems useful.
(DIR) Post #AQFZPxfrFaPAjMWBGq by seb@ioc.exchange
2022-12-04T03:14:53Z
0 likes, 0 repeats
@jerry @fsnk I think it is a good idea and will be needed to allow the fedi to survive.
To create authority, that CERT would need to operate on strict guidelines/SOPs that can only be changed by a group of “elders/experts”. Otherwise it will quickly turn into fediblock, which would create more harm than it would help.
As it matures, it can use a MISP instance to maintain block lists and offer them through a feed.
(DIR) Post #AQGJ03avDBvTSFnLvs by fsnk@mastodon.acc.sunet.se
2022-12-04T11:45:36Z
0 likes, 0 repeats
@seb (Stating the obvious) I also think a CERT should avoid getting into content moderation block lists and leave those to local admins or admin groups, any CERT block lists ought to focus on bad actors in the technical arena
Overlap when it comes to some kinds of attacks (e.g. disinfo bot farms) could make it appear a CERT is trying to make content moderation decisions if people don't understand the mechanisms behind those actors, but I guess that's where education comes in
@jerry