We have so many unfortunate terms in #informationsecuriy . Like #offensivesecurity . What that sounds like in my head: Patch your shit right now your miserable excuse of corporate airhead. Your application is so full of holes, your incompetence is an insult to the chair you sit on.
Haven't come up with a good #headcanon for "Hunt Forward" yet.
But seriously now, go #patchyourshit ๐ฌ
Hi everyone, I just released version 1.1.1 of my #Mastodon #DMARC Survey tool, updated survey results, and additional documentation. This release adds a DNSSEC check and SPF record validation. Error and warning fields are now included in the CSV for easy troubleshooting. This is to help administrators configure DMARC to help prevent attackers from spoofing a domain.
Even if you looked at the results from last Friday, it's worth taking a look at these new results.
https://github.com/seanthegeek/mastodon-dmarc-survey
#Infosec #InformationSecuriy #phish #phishing #spoofing #adminsofmastodon #OpenSource #OpenSourceSoftware #FLOSS #Python #CLI #API
A survey of DMARC deployment across all domains hosting public a Mastodon instance - GitHub - seanthegeek/mastodon-dmarc-survey: A survey of DMARC deployment across all domains hosting public a Mas...
In the short time I've been in the #Mastodon #Fediverse so far, I've talked a lot about how #DMARC can help prevent #spoofed #emails from being delivered to their targets, in light of a wave of Mastodon-themed phishing. That made me wonder, "How many Mastodon instances have a DMARC record on their domain? How many of those are set up to properly?" For their own security Users should join servers with an enforced DMARC policy, and instance admins should enforce DMARC on their domains to protect users and attract a security conscious userbase.
I wrote a script that queries instances.social for the 1000 top Mastodon instances based on the number of active users, feeds that list to #checkdmarc to query for, parse, and validate DMARC #DNS records. Here are the results.
https://github.com/seanthegeek/mastodon-dmarc-survey
As of earlier today, 148 instances with a combined 295, 975 active users had an enforced DMARC policy (p=quarantine or p=reject). 113 instances with a combined 168,965 active users have deployed a monitor only policy, 3 instances with a combined 577 active users have an invalid DMARC record, and 113 instances with a combined 486,972 active users don't have any DMARC record.
As I looked through the list of instances, I noticed that infosec.exchange is now the 7th largest Mastodon instance on the public internet, with 18,328 active users (and counting. Thanks @jerry!
#Infosec #InformationSecuriy #phish #phishing #spoofing #adminsofmastodon #OpenSource #OpenSourceSoftware #FLOSS #Python #CLI #API
A survey of DMARC deployment across all domains hosting public a Mastodon instance - GitHub - seanthegeek/mastodon-dmarc-survey: A survey of DMARC deployment across all domains hosting public a Mas...
Gilgwath
Sean Whalen ๐จ๐ผโ๐ฆผ๐ณ๏ธโ๐๐บ๐ฆ๐๏ธ