7 mo. ago • 76%

Does the fediverse have defense against watering hole attacks?

en.wikipedia.org Watering hole attack - Wikipedia

With so many variations of Lemmy and fediverse instances, are there any defenses against a malicious server running altered code? Is there a way to prove what code is supposed to be running on each instance?

10 comments

There isn't. However, Lemmy or other Fediverse applications are no different from any other website in that respect. The main difference is that the bit

One of the most significant dangers of watering hole attacks is that they are executed via legitimate websites that are unable to be easily blacklisted

is not really true in the Fediverse. You could easily block a single infected instance once it is detected that your employees are attacked via malware on that instance.

19
- The quick defederarion option is a nice defense. Could be some damage in the meantime though
  
  1
  
  I am not talking about defederation, just straight blocking of that website in a corporate or similar network if it is used to target your employees which is what watering hole attacks are all about.
  
  1
You mean for users of that instance or for other instances?

1
- Either or. Would be more nefarious to have users sign up for a malicious instance unknowingly and then federate with non malicious instances
  
  2
  
  Something to consider would be to compare this to the walled gardens, say Facebook. Is that a malicious 'instance'?
  
  And then what is the chance to register on a malicious one in the fediverse?
  
  1

You've viewed 10 comments.