Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
faq:security:mastodon_vulnerability_testing [2022/11/18 13:34] – created cirriustechfaq:security:mastodon_vulnerability_testing [2022/11/22 11:31] (current) cirriustech
Line 1: Line 1:
-====== No attacks against (or from) the instance ======+====== Mastodon Vulnerability Testing: not permitted on Infosec.Exchange but might be allowed elsewhere ====== 
 +Infosec.Exchange is relied on by thousands of people so the Infosec.Exchange rules are designed to protect the service and the people who use it. Although the rules are not designed to discourage legitimate security research, please be aware that:
  
-You may not do anything which may impact confidentiality, integrity or availability of Infosec.Exchange, the users of the service or their data+<div alert>[[rules:rule_10_no_attacks_against_or_from_the_instance|Rule #10]]: You may not do anything which may impact confidentiality, integrity or availability of Infosec.Exchange services, the infrastructure on which the service relies, the users of the serviceor their data.</div>
  
-You may not undertake any activity that would in any way put the confidentialityintegrity or availability of the servers, the users of the service or their data at risk.+If you are looking for somewhere to test vulnerabilities of Mastodon, servers exist which are maintained specifically to allow this sort of testing:
  
-This may include, but is not limited to: +^ Domain ^ Maintainer ^ Mastodon Software ^ Description ^ 
- +|https://bob.pwniverse.io|[[https://infosec.exchange/@jerry|Jerry]]| ''Glitch-Soc'' | For security testing and maintained by Infosec.Exchange; Bob can only federate with Alice| 
-Denial of Service attack (DoS) +|https://alice.pwniverse.io|[[https://infosec.exchange/@jerry|Jerry]]| ''Glitch-Soc'' | For security testing and maintained by Infosec.Exchange; Alice can only federate with Bob
-Distributed Denial of Service attack (DDoS) +|https://cybervillains.com|[[https://infosec.exchange/@alex|Alex Stamos]]| ''Mastodon'' | This server was specifically built as a playground for security professionals to understand the security, privacy and safety issues of Mastodon. Unstable and crazy, as social media should be.|
-Attempting to hack/exploit any software or hardware that compromises the service +
-Compromise/attempted compromise of any user or admin account/login +
-Impersonation of any user or admin +
-Posting of malicious links/materials except where clearly identified as such and placed behind a content warning +
-Breach of this rule will lead to an immediate lifetime ban and may also include reporting to the relevant authorities. +
- +
-This rule also encompasses using Infosec.Exchange in any way to impact other servers or people. +
- +
-If you are looking for somewhere to test vulnerabilities of Mastodon, a list of servers maintained for this are as listed below: +
- +
-^ Domain ^ Maintainer ^ +
-|--------|----------+
-|https://cybervillains.com|[[https://infosec.exchange/@alex|Alex Stamos]]|+