Twitter Alternative Mastodon Has Security Issues
By Adam
Researchers from cybersecurity firm Mastodon discovered that Mastodon’s decentralized alternative to Twitter had many security vulnerabilities. Mastodon’s user numbers have increased since Elon Musk, a tech entrepreneur, took over Twitter. Many are unhappy with Musk’s policies and his decision to reinstate controversial figures such as former President Donald Trump.
While the interface may look similar to Twitter, it’s not managed by any single company or entity. SecurityWeek reports that it is a self-hosted, open-source social network platform.
There are many Mastodon servers that users can join, each interconnected with the others; they are called instances. While the rules may differ from server to server, the most important concern should be that users are not exposed to security breaches.
Vulnerabilities Discovered
Researchers have already found an HTML injection vulnerability that can be used to steal user credentials. They also discovered a second exploit that could let hackers download every file on a server, including photos shared via direct messages.
Melissa Bischoping is Tanium’s director of endpoint security research and specialist in Mastodon.
She stated via email that open-source and decentralized platforms have many benefits and will continue to grow in popularity.
Bischoping said that Mastodon members should not mistake it for a Twitter replacement and that they should know about the special features of the “Fediverse”.
David Maynor, Cybrary’s senior threat intelligence director, said via email, “Mastodon may not be the panacea that many people fleeing Twitter may believe it is.”
Maynor added that, “While it was an open-source project over many years, it never got close to the server load or scrutiny it has lately.” He also suggested that vulnerability scanners have helped identify critical bugs.
Apart from the code itself, Mastodon’s segmentation means that an instance of Mastodon may be administered by only one or two individuals.
Maynor warned those who want to quit Twitter.
His final words were: “Buyer beware!”
The Decentralized Platform Has Its Risks
The issue here is how Mastodon was created. Administrators manage each instance. They have control of the infrastructure as well as the software on the servers.
Bischoping explained that this means you are trusting the administrators to protect and preserve their instances and your account.
However, many instances are run by individuals or small companies without security budgets or staff, so users shouldn’t assume they are secure.
Bischoping stated that this doesn’t mean you shouldn’t use it. But it also doesn’t mean you should assume all data sent there is safe from theft, seizure or destruction, including by law enforcement.
Source: Social Media Explorer