Differences

This shows you the differences between two versions of the page.

faq:security:mastodon_vulnerability_testing [2022/11/20 00:36] dreadpir8robots
faq:security:mastodon_vulnerability_testing [2022/11/22 06:31] (current) cirriustech
Line 1: Line 1:
 ====== Mastodon Vulnerability Testing: not permitted on Infosec.Exchange but might be allowed elsewhere ====== ====== Mastodon Vulnerability Testing: not permitted on Infosec.Exchange but might be allowed elsewhere ======
-Infosec.Exchange is relied on by thousands of people so the Infosec.Exchange rules are designed to protect the service and the people who use it. Although the rules are not designed to discourage legitimate security research:+Infosec.Exchange is relied on by thousands of people so the Infosec.Exchange rules are designed to protect the service and the people who use it. Although the rules are not designed to discourage legitimate security research, please be aware that:
  
 <div alert>[[rules:rule_10_no_attacks_against_or_from_the_instance|Rule #10]]: You may not do anything which may impact confidentiality, integrity or availability of Infosec.Exchange services, the infrastructure on which the service relies, the users of the service, or their data.</div> <div alert>[[rules:rule_10_no_attacks_against_or_from_the_instance|Rule #10]]: You may not do anything which may impact confidentiality, integrity or availability of Infosec.Exchange services, the infrastructure on which the service relies, the users of the service, or their data.</div>
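Review bot: the reworded lead-in on the added line ("please be aware that:") now runs cleanly into the Rule #10 alert, but nothing in this hunk says in plain words that vulnerability testing against Infosec.Exchange itself is what the rule covers; only the page title does. Rule #10 is phrased broadly ("anything which may impact confidentiality, integrity or availability"), so consider adding one sentence after the alert stating that testing the instance falls under it. A smaller style point on the same line: a comma before "so" in "relied on by thousands of people so the Infosec.Exchange rules" would make the sentence easier to read.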
Line 6: Line 6:
 If you are looking for somewhere to test vulnerabilities of Mastodon, servers exist which are maintained specifically to allow this sort of testing: If you are looking for somewhere to test vulnerabilities of Mastodon, servers exist which are maintained specifically to allow this sort of testing:
  
-^ Domain ^ Maintainer ^ Description ^ +^ Domain ^ Maintainer ^ Mastodon Software ^ Description ^ 
-|https://cybervillains.com|[[https://infosec.exchange/@alex|Alex Stamos]]|This server was specifically built as a playground for security professionals to understand the security, privacy and safety issues of Mastodon. Unstable and crazy, as social media should be.| +|https://bob.pwniverse.io|[[https://infosec.exchange/@jerry|Jerry]]| ''Glitch-Soc'' | For security testing and maintained by Infosec.Exchange; Bob can only federate with Alice| 
-<block info>FIXME [[https://infosec.exchange/@jerry/109368923347777577|@jerry has discussed the possibility of standing up two separate testing instances]], federated only with each other.</block>+|https://alice.pwniverse.io|[[https://infosec.exchange/@jerry|Jerry]]| ''Glitch-Soc'' | For security testing and maintained by Infosec.Exchange; Alice can only federate with Bob| 
 +|https://cybervillains.com|[[https://infosec.exchange/@alex|Alex Stamos]]| ''Mastodon'' | This server was specifically built as a playground for security professionals to understand the security, privacy and safety issues of Mastodon. Unstable and crazy, as social media should be.|
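Review bot: the Description cells of the two added pwniverse.io rows say the servers are "For security testing" and give the Bob/Alice federation restriction, but no row in the table states what kinds of testing a server permits or where its rules are published. Since the page title only promises that testing "might be allowed elsewhere", consider adding a sentence under the table, or a further column, telling readers to confirm each server's own rules with its maintainer before testing. The new "Mastodon Software" column is useful because it separates the ''Glitch-Soc'' hosts from the ''Mastodon'' one, and the removed FIXME block is superseded by the two new rows, so dropping it is fine.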