Discussions related to Infosec.pub

Images do not get mirrored from one Lemmy instance to another. Understandably so. But there is a harmful side effect: if SourceNode is behind an access-restricted walled-garden and an image from that node is cross-posted to a DestinationNode that is not inside the same access-restricted walled-garden, then some readers on DestinationNode see posts where the image is inaccessible.

All variants of walled gardens are can trigger this problem but the most common is Cloudflare. So posts that contain images coming from instances like sh.itjust.works and lemmy.world are exclusive and do not include all people who infosec.pub includes.

How can this be fixed?

1. infosec.pub could defederate from all Cloudflare nodes. This would prevent CF pawns from pushing exclusive content onto infosec.pub, but infosec.pub users could probably still post links to the exclusive venues.
2. infosec.pub could block just cross-posts from CF nodes that contain images.
3. infosec.pub could mirror images when the image is in a known exclusive walled garden.
4. infosec.pub could accept posts that contain images in walled gardens and then immediately hide those posts. Perhaps a bot could populate a community designated for exclusive walled gardens with links to hidden posts so users not excluded by the walled garden can still reach the content.

Some of those options might require changes to lemmy code.

This may be an instance-specific problem because I’ve had no problem editing posts on other instances. When I try to exit the title and body of this post, I click save (or whatever) and without error it behaves as if my change was accepted.

Most instances take a minute or two to re-render the screen to show my updates. If the wait is long, I sometimes do a hard refresh to make sure the change got accepted (and if I don’t do that and I do another update, the old content populates the form and causes the recent edit to be lost).

Anyway, with infosec.pub my edits on the above-mentioned post just take no effect, confirmed by a hard-refresh showing no change.

I'm not a user of this instance so I'm absolutely not going to try to tell you how it should be run, but I am curious. The other instances defederated are ones which have a pretty well-known reputation.

But feddit.nl is the local instance for Dutch users. It seems fairly innocuous. I mainly only know about it because of the notjustbikes community, which is tiny, but excellent, and about a Canadian YouTuber who lives in the Netherlands with a channel of the same name. I'm just curious what happened there to get it defederated from here, and whether perhaps I should look to create a notjustbikes community elsewhere, if it's a problematic instance for some reason.

ALL,

I have noticed a bunch of slightly overlapping communities, or some that just don't seem super active.

There are a couple of security related news communities already.

Is there actually interest in INFOSEC projects, blogs, frameworks, TTPs, etc?

Perhaps people who are interested would weigh in, and we could pick a community to work in? I know people don't always like the idea of consolidation, but I'm more interested in gauging people's continued interest.

• Do people here actively work on info sec projects that would post walk throughs, configs?
• Do people work within security frameworks and have sharable configurations?

@[email protected] @[email protected] @[email protected] @[email protected] @[email protected] @[email protected] @[email protected] @[email protected]

cross-posted from: https://infosec.pub/post/8863199

This post was composed with a link to a Wired article:

https://lemmy.ohaa.xyz/post/1939209

Then in a separate step, the article was edited and an image was uploaded. The URL of the local image unexpectedly replaced the URL of the article. Luckily I noticed the problem before losing track of the article URL.

I don't have a problem blocking it, just seems like a pro Russian influence operation to me, since I don't know anything about this group or the culture.

I'm receiving periodic 500 server errors when viewing posts for about the last week. It's pretty infrequent but definitely still happening.

I've also noticed that viewing some images has been problematic, sometimes requiring a few tries to get them to appear. Likely the same issue there.

Anyone else noticed this?

After a conversation in [email protected] I was looking for status pages. Does infosec.pub have one?

Hello everyone. I will be taking infosec.pub offline for a while today to move the instance to a new, larger server.

https://infosec.pub/post/3846278

I add an image, but the image file gets added as the URL

previous post https://infosec.pub/post/3808257 worked fine

I am going to be disabling image uploads and image serving, moving to moderated signups, and instituting some extensive block lists on infosec.pub due to the pervasive problems with CSAM attacks on lemmy instances.

No, it’s not happened to any of our instances yet, but I don’t need that headache. And if anyone does, I promise you that I will make it my life’s mission to see that those responsible are convicted and rotting in prison where they belong. ❤️

Edit: h/t to @infosec_jcp for pointing out the problem to me.

Hey, I just did a quick browse through the blocked instances list for infosec.pub and have a few questions about it. Seems like we are blocking sh.itjust.works which at first glance just looks like one of the bigger general purpose instances. Meanwhile more overtly problematic instances like lemmygrad (tankie instance) or exploding heads ("free speech extremists") are federated with. Generally the block list seems fairly small compared to a lot of other instances.

So are these intentional choices or is it more a matter of the admins not (having the time to be) bothering with it? If it's not intentional, maybe checking some other instances blocklists to weed out the biggest trolls/offenders could be useful.

I'm getting a bunch of broken images. TIA.

As the title says, @[email protected] do you have any backup and how can we support you as the admin of our instance?

Burnout on spare-time projects can be very real, especially when they suddenly grow or become more difficult to manage. We all appreciate what you are doing here. So even if there's nothing we can do directly, I'd just like to say thank you.

I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?

2FA in lemmy doesn’t work reliably yet. Please don’t enable it or you will almost certainly get locked out.

Note: it makes me sad to post this.

Hi all. I am going to implement a block for sh.itjust.works. I am going to need years of therapy from all the nasty crap coming from that instance.

Just setting up my account and 2FA auth is not showing after refreshing and clicking the Button. Broken or a Me issue ?

Do you want to help and be part of the most amazing space crew (wink )? Call for volunteers are open! #cybersecurity https://twitter.com/HackRedCon/status/1679476064173584388

Guys, gals, and non-binary pals be sure to grab your ticket for #HackRedCon

This year we have the wonderful Louisville Slugger hosting, so baseball fans be sure to book now!

https://t.co/MYPBBCnUNu

Pretty much the title. is federation broken? I hardly see comments anymore since about 1-2 days. the “new” page is pretty much stagnant :(

And do they have to be infosec focused?

Hi all. I’ve disabled new community creation and federation until there is a fix for the latest vulnerability

Discussion from here: https://lemmy.ml/post/1895271

Relevance: Infosec.pub may wish to consider defederation temporarily.

Temporary fix in place, but instances remain vulnerable. Post: https://lemmy.world/post/1290412

• UPDATE 2:58 UTC the injected code was removed from the main page, but cleanup efforts are still underway.
• UPDATE 3:11 UTC situation appears to be under control, but browse with caution.
• UPDATE 3:35 UTC main page exploited again! Website is unsafe.
• UPDATE 4:01 UTC reports coming in that other instances are getting owned. One report of comments trying to inject JavaScript into the page.
• UPDATE 4:13 UTC XSS vulnerability in page sidebar is reported relationship to the event is unknown.
• UPDATE 7:17 UTC Root cause was identified a while ago.