Posts by ChrisJohnRiley@infosec.exchange
Post #APKaQ1MZ5GXRupk2rY by ChrisJohnRiley@infosec.exchange
2022-11-06T15:16:51Z
0 likes, 0 repeats
There are many things that make me concerned about Mastodon… A short 🧵 and (unverified) thoughts:

**Federation**

One of the many things I'm concerned about with Mastodon is the federated accounts. How do you reserve your handle and prevent fakers from spinning up a new account to impersonate you? Seems like a problem that needs to be faced sooner rather than later sadly 🫣

The benefits and inherent drawbacks of decentralized social solutions are a balancing act that will take significant time to get right.

**Verification**

Verification (in the Twitter sense) isn't the answer, but highly technical and hard-to-achieve solutions are unlikely to gain the significant traction needed to make them useful. If brands and non-technical users can't make it work, then we've failed.

**Server abuse**

Decentralized servers offer pros and cons. Much like popular browser extensions and open-source tools, there is a tendency for malicious actors to target takeover of these resources to gain immediate access to users and resources that trust the resource. Why build yourself when you can take over an existing platform?

**Privacy/Non-repudiation**

It's clear that owners of the platforms have some ability to view data on their platforms and in their database. The ability to change data may also be a concern. Without signed toots and customer-owned keys, can we trust the voice of the people we follow?

…I'll leave it there for now, but would love to see a full threat model built up and examined. There are solutions out there, but we need to see where the problems are to figure out where to apply fixes.
Post #APKe5wc5QuLbD4gTQm by ChrisJohnRiley@infosec.exchange
2022-11-06T16:08:45Z
0 likes, 0 repeats
@amerika I'm aware of the link verification. I haven't looked at the code behind it to see how the verification flows and what stage the verification happens. Does the client verify the link verification? Does the instance verify and communicate that? All areas to look at.

Like I said, I'd like to see a threat model and abuse scenarios researched.
Post #APKgKMW87SrBVnttcu by ChrisJohnRiley@infosec.exchange
2022-11-06T16:33:47Z
0 likes, 0 repeats
@amerika Who do you DMCA if it's decentralized?
Post #APKiQUE0ZiE33xTLV2 by ChrisJohnRiley@infosec.exchange
2022-11-06T16:57:16Z
0 likes, 0 repeats
@amerika I don't think that'll work like you expect. Can you DMCA a scammer hosting their own instance? How do you enforce DMCA if they ignore it? DMCA is good for enforcement against companies, not individuals and inherently corrupt entities.
Post #APKjuzX6pw8onxW4zQ by ChrisJohnRiley@infosec.exchange
2022-11-06T17:14:01Z
0 likes, 0 repeats
@amerika How does that work for instances owned by a private owner in Russia (asking for a friend)?

ISPs in certain countries may help fill in the gaps, but outside of the US there are differing processes and responses.
Post #APKk5i1CIQkJfYhU4e by ChrisJohnRiley@infosec.exchange
2022-11-06T17:15:58Z
0 likes, 0 repeats
@amerika I think the real proof is in how this works in the months/years to come. DMCA and enforcement will not be as easy as on a central platform, which is both good and bad. It's a new world, and there are new challenges.
Post #AXOTbLhAvSy4KgiSmm by ChrisJohnRiley@infosec.exchange
2023-07-05T19:26:45Z
0 likes, 0 repeats
@lowqualityfacts 0.79 of an Elon! That's pretty Elon like 😜
Post #Ac2gXgOd2Xe4jWyJg8 by ChrisJohnRiley@infosec.exchange
2023-11-21T20:26:28Z
0 likes, 0 repeats
@mjg59 Only if he can charge a fee for it I imagine
Post #AumDf6CVHt3gMCluls by ChrisJohnRiley@infosec.exchange
2025-06-03T08:44:09Z
0 likes, 1 repeats
@patrickcmiller You never really know… https://www.dexerto.com/entertainment/ai-company-files-for-bankruptcy-after-being-exposed-as-700-human-engineers-3208136/
Post #AvWHjTDL2I1bAfCnZI by ChrisJohnRiley@infosec.exchange
2025-06-25T09:13:15Z
0 likes, 0 repeats
Why is Finnish Healthcare Doing So Well Against Ransomware?

Perttu Halonen (National Cyber Security Centre Finland, FI)

#FIRSTCON25
Post #AvWHjUh9WvT3lQA7g8 by ChrisJohnRiley@infosec.exchange
2025-06-25T09:20:51Z
0 likes, 0 repeats
Despite Ransomware being such a global phenomenon, Finland has seen a low level of reports of compromise.

- Mainly public healthcare
- Small economy
- Specialist support from NCSC-FI
- Small country, low hierarchy
- No healthcare company in FI has paid Ransomware

#FIRSTCON25
Post #AvWHjW2oVsO9wtIw52 by ChrisJohnRiley@infosec.exchange
2025-06-25T09:26:34Z
0 likes, 0 repeats
Ransomware attacks are mainly financially motivated. Rational targeting is towards larger targets with the lowest effort. Cybercrime gangs work internationally, so country boundaries don't prevent this.

Ransomware incidents are talked about publicly more than other types of cybercrime, making the incidents comparable.

5-8% of Ransomware attacks are in the healthcare sector. 67% of healthcare organisations fell victim to Ransomware (this number seems skewed and should be taken with a pinch of salt).

#FIRSTCON25
Post #AvWHjWwp9dBwkbVfNo by ChrisJohnRiley@infosec.exchange
2025-06-25T09:31:30Z
0 likes, 0 repeats
Finland specifically (2022-2024) saw 74 reported cases.

Despite Finnish healthcare being 9% of GDP, it only equates to 3% of Ransomware cases in that period.

Attacks have been limited to admin and appointment systems, and had low/no impact on patients or their data.

#FIRSTCON25
Post #AvWHjXaAnKfQidv5iS by ChrisJohnRiley@infosec.exchange
2025-06-25T09:39:03Z
0 likes, 1 repeats
Finland has held regular ICT fairs to provide comprehensive peer-to-peer networking and support since the 1970s. This has built a landscape of frequent communication, even between competing companies.

NCSC-FI promotes scanning and support for healthcare to reduce attack surface. Complexity and legacy systems are not much different to other regions (e.g. USA).

#FIRSTCON25
Post #AvWHjdw1B1hqQ8BcbA by ChrisJohnRiley@infosec.exchange
2025-06-25T09:41:15Z
0 likes, 0 repeats
The Vastaamo incident from 2020 was a black spot on the Finnish healthcare landscape. Due to the data leaks, deaths occurred.

https://en.m.wikipedia.org/wiki/Vastaamo_data_breach

"This hacking incident had a wide impact on healthcare industry's obligations to secure their networks and increase their accountability."

The follow-up to this tragedy forced Ransomware and security of data into the limelight politically and technically.

#FIRSTCON25
Post #AvWHjjPyn3dxQVF7Ue by ChrisJohnRiley@infosec.exchange
2025-06-25T09:44:05Z
0 likes, 0 repeats
53% of American healthcare organisations pay Ransomware.

No Finnish healthcare organisations have paid.

This sends a clear message.

#FIRSTCON25
Post #AvWHjoFWpLFqPXOLOi by ChrisJohnRiley@infosec.exchange
2025-06-25T09:49:01Z
0 likes, 0 repeats
The Finnish language may have been an additional disadvantage for attackers in the past; this was seen for years in low-quality spam. With improvements in LLMs and automation, the language barrier is lower or no longer an issue here.

Threat landscapes change regularly, so we'll see how LLMs make changes moving forwards.

#FIRSTCON25