Posts by seanthegeek@infosec.exchange
(DIR) Post #AR8yDmdldHHzwb3Djk by seanthegeek@infosec.exchange
2022-12-30T20:41:53Z
0 likes, 0 repeats
@stux Admins of Mastodon instances should ensure their legitimate emails and being properly DKIM signed, then publish a DMARC record with a reject policy in DNS to prevent #phishing emails from spoofing their email domain in the from address.I wrote a blog post on how DMARC works a while back. https://seanthegeek.net/459/demystifying-dmarc/#infosec #informationsecurity #cybersecurity #mastodon #adminsofmastodon #phishing #spoofing #dkim #dmarc #email #security
(DIR) Post #ARAtQQULC43RYClqvQ by seanthegeek@infosec.exchange
2022-12-31T17:18:41Z
0 likes, 0 repeats
The #GOP by flooded the news with shoddy polls that leaned their way. It was a #PSYOP that discouraged support of #democrat campaigns that otherwise had a decent possibility of winning, while at the same time setting false expectations of a #RedWave to their base — giving more oxygen to the "stolen election" lies.Gift article linked below.The ‘Red Wave’ Washout: How Skewed Polls Fed a False Election Narrative https://www.nytimes.com/2022/12/31/us/politics/polling-election-2022-red-wave.html?unlocked_article_code=AAAAAAAAAAAAAAAACEIPuonUktbfqYhlSlUYAibIRp8_qRmHmfnE2_skgXv6LS6aDDtGwu8JAo-Gvh2VP_AmfdY_miuSWtIHMKMqQLY66N5jCHFXalvipIqYytNCKj8pqIm3UyQ_05ySAOljoHrkNjazbboimrD6thmLaX3sC6za2SErJlpiqZB1ZBr9jyxzs6TGG-9_2dB_1f0zVNstFXpbOn7877S_AA5-Od6Gchnc9gM1PuldUj3WltWcgKkSJEQQURmVCSMivhtvrY9UK9gVP6zgLhY_eMeYgboZDmJgL4zBFIR4Jygsor5RpO1jH73FrPm8#politics #USPolitics #democrats #election #elections #2022Midterms #polls #polling #StolenElection #ElectionIntegrity #VoterFraud #republican #republicans #disinformation #propaganda
(DIR) Post #ARMQns48GJrqxzrGpU by seanthegeek@infosec.exchange
2022-12-30T16:04:39Z
2 likes, 0 repeats
I am so sick of seeing people try to defend Elon Musk's toxic behavior by pointing to his autism.Let me be clear as someone with cerebral palsy and ADHD: Autism/neurodivergence/disability is never an excuse for malicious actions. Plenty of people are autistic without being assholes.#disability #disabled #neurodivergent #neurodiversity #autistic #autism #CerebralPalsy #SpinaBifida #TBI #dementia #SpinalCordInjury #ToxicMasculinity #ElonMusk #Elon #Twitter #BirdSite #SocialMedia
(DIR) Post #ARNuxNFGtjCk3eTZ7A by seanthegeek@infosec.exchange
2023-01-07T00:38:13Z
0 likes, 0 repeats
In the short time I've been the #Mastodon #Fediverse so far, I've talked a lot about how #DMARC can help prevent #spoofed #emails from being delivered to their targets, in light of a wave of Mastodon-themed phishing. That made me wonder, "How many Mastodon instances have a DMARC record on their domain? How many of those are set up to properly?" For their own security Users should join servers with an enforced DMARC policy, and instance admins should enforce DMARC on their domains to protect users and attract a security conscious userbase.I wrote a script that queries instances.social for the 1000 top Mastodon instances based on the number of active users, feeds that list to #checkdmarc to query for, parse, and validate DMARC #DNS records. Here are the results.https://github.com/seanthegeek/mastodon-dmarc-surveyAs of earlier today, 148 instances with a combined 295, 975 active users had an enforced DMARC policy (p=quarantine or p=reject). 113 instances with a combined 168,965 active users have deployed a monitor only policy, 3 instances with a combined 577 active users have an invalid DMARC record, and 113 instances with a combined 486,972 active users don't have any DMARC record.As I looked through the list of instances, I noticed that infosec.exchange is now the 7th largest Mastodon instance on the public internet, with 18,328 active users (and counting. Thanks @jerry!#Infosec #InformationSecuriy #phish #phishing #spoofing #adminsofmastodon #OpenSource #OpenSourceSoftware #FLOSS #Python #CLI #API
(DIR) Post #ARXGvaJWwga9UnrKaG by seanthegeek@infosec.exchange
2023-01-11T04:18:33Z
0 likes, 0 repeats
Hi everyone, I just released version 1.1.1 of my #Mastodon #DMARC Survey tool, updated survey results, and additional documentation. This release adds a DNSSEC check and SPF record validation. Error and warning fields are now included in the CSV for easy troubleshooting. This is to help administrators configure DMARC to help prevent attackers from spoofing a domain.Even if you looked at the results from last Friday, it's worth taking a look at these new results.https://github.com/seanthegeek/mastodon-dmarc-survey#Infosec #InformationSecuriy #phish #phishing #spoofing #adminsofmastodon #OpenSource #OpenSourceSoftware #FLOSS #Python #CLI #API
(DIR) Post #ARXTQPUASE1YL5Ie9I by seanthegeek@infosec.exchange
2023-01-11T16:24:35Z
0 likes, 0 repeats
@selea Yep. Exactly why I'm doing this.
(DIR) Post #ASAiD94Q7NjD2ksCCu by seanthegeek@infosec.exchange
2023-01-30T13:47:44Z
0 likes, 1 repeats
During my usual 3 AM bout of insomnia, I read this fascinating/disturbing blog post describing in detail how the couple running a literal neo-Nazi homeschooling group were identified using OSINT. https://accollective.noblogs.org/post/2023/01/23/dissident-homeschool/The research was verified by the Huffington Post, who spoke with relatives of the couple. https://www.huffpost.com/entry/home-school-nazis-telegram-dissident-saxon_n_63d596c4e4b01a43638e6a0a#OSINT #Nazis #Nazis #NeoNatzi #NeoNatzis #AltRight #Homeschool #Homeschooling #Education #K12 #USPolitics #USA #Ohio
(DIR) Post #ASobz0VxQtqSC0lzvs by seanthegeek@infosec.exchange
2023-02-18T20:41:30Z
0 likes, 1 repeats
It occurred to me that many, if not most #Mastodon instances are run by one person who maintains the server infrastructure (not just an admin Mastodon account). That leaves large chunks of the fediverse with a Bus Factor of 1, meaning if that one owner was suddenly hit by a bus and died, there would be no one left to maintain an instance.Ideally, an instance should have at least two trusted people in geographically separate areas who can maintain the server infrastructure.Please boostthis post and tag your instance admin in a reply to see how they are mitigating this risk.cc: @jerry @stux #Mastodon #AdminsOfMastodon #RiskManagement #DisasterRecovery #InfoSec
(DIR) Post #ASoc40c2UmuFwe0ES0 by seanthegeek@infosec.exchange
2023-02-18T20:43:36Z
0 likes, 0 repeats
@stux Glad to hear that!
(DIR) Post #ATtPFwF7rnxoOtFtTc by seanthegeek@infosec.exchange
2023-03-23T00:40:07Z
0 likes, 1 repeats
I wouldn't put it past Trump and his MAGA cultists to stage a shooting so he can rile up his base. He's practically putting out a casting call. https://www.theguardian.com/us-news/2023/mar/22/trump-grand-jury-delay-charges-hush-money#Trump #MAGA #Politics #USPolitics #GOP #TrumpInditement #J6 #January6 #Riot
(DIR) Post #AYWmLXX4YILBVcJls8 by seanthegeek@infosec.exchange
2023-08-08T13:14:52Z
0 likes, 1 repeats
If you know anyone in Ohio, make sure they know that the special election for Issue 1 is today from 6:30am until 7:30pm, and urge them to vote No. If it passes, it will raise the threshold for passing ballot issues from 50% to 60%, allowing a 40% minority to veto ballot issues.The GOP spent a ton of donor and taxpayer money to set up a special election, just for this one issue, hoping it will pass with low turnout, because it would remove one of the few remaining checks on a heavily gerrymandered statehouse.https://votenoinaugust.org/facts/#Ohio #OhioIssue1 #OhioIssueOne #Issue1 #OhioPolitics #USPolitics #StatePolitics #Politics #GOP
(DIR) Post #Ab3OtOk80uktgRrQ4O by seanthegeek@infosec.exchange
2023-09-24T09:30:49Z
0 likes, 1 repeats
It occurred to me that if X/Twitter still exists in 20 years or so, "In my day, X was called Twitter" will be an age indicator.#SocialMedia #X #Twitter #ElonMusk #Boomers #GenX #Millennials #GenZ #Teenagers #Old