A small tool to view real-world ActivityPub objects as JSON! Enter a URL
or username from Mastodon or a similar service below, and we'll send a
request with the right Accept header to the server to view the underlying object.
{
"@context": [
"https://www.w3.org/ns/activitystreams",
{
"ostatus": "http://ostatus.org#",
"atomUri": "ostatus:atomUri",
"inReplyToAtomUri": "ostatus:inReplyToAtomUri",
"conversation": "ostatus:conversation",
"sensitive": "as:sensitive",
"toot": "http://joinmastodon.org/ns#",
"votersCount": "toot:votersCount",
"litepub": "http://litepub.social/ns#",
"directMessage": "litepub:directMessage",
"Hashtag": "as:Hashtag"
}
],
"id": "https://infosec.exchange/users/realn2s/statuses/111605920209725128",
"type": "Note",
"summary": null,
"inReplyTo": "https://infosec.exchange/users/realn2s/statuses/111603611961864032",
"published": "2023-12-19T07:33:14Z",
"url": "https://infosec.exchange/@realn2s/111605920209725128",
"attributedTo": "https://infosec.exchange/users/realn2s",
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"cc": [
"https://infosec.exchange/users/realn2s/followers"
],
"sensitive": false,
"atomUri": "https://infosec.exchange/users/realn2s/statuses/111605920209725128",
"inReplyToAtomUri": "https://infosec.exchange/users/realn2s/statuses/111603611961864032",
"conversation": "tag:infosec.exchange,2023-12-18:objectId=118774018:objectType=Conversation",
"content": "<p>Sleeping over it I noticed another issue with <a href=\"https://infosec.exchange/tags/Microsoft\" class=\"mention hashtag\" rel=\"tag\">#<span>Microsoft</span></a> <a href=\"https://infosec.exchange/tags/Entra\" class=\"mention hashtag\" rel=\"tag\">#<span>Entra</span></a> ID <a href=\"https://infosec.exchange/tags/Password\" class=\"mention hashtag\" rel=\"tag\">#<span>Password</span></a> </p><p>Regarding the Global banned password list they write "The contents of the global banned password list aren't based on any external data source, but on the results of Microsoft Entra security telemetry and analysis."<br />(<a href=\"https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">learn.microsoft.com/en-us/entr</span><span class=\"invisible\">a/identity/authentication/concept-password-ban-bad</span></a>)</p><p>Now I have more questions:</p><p>WHY are passwords part of the security telemetry data?</p><p>The only case where I see this as ok, would be in a honeypot.</p><p>And what kind of data would be in the security telemetry data? Usually it's failed attempts, so you risk overestimating passwords attacks which fail (anyway). Again, this would only be OK with honeypots.</p><p>But if you are getting your data solely from honeypots, I fear you're getting a pre-selected type of data. Namely opportunistic, random attacks not targeted attacks.</p><p>While I think it's valuable to protect against these kind ob attacks, I really would like passwords to withstand even targeted attacks, even from the inside.<br />E.g when the attackers are in the Lateral Movement or Privilege Escalation. 
Especially if the attackers can start to crack hashes.</p><p>For this Microsoft Entra ID Password Protection seems completely useless there.</p><p><a href=\"https://infosec.exchange/tags/Cybersecurity\" class=\"mention hashtag\" rel=\"tag\">#<span>Cybersecurity</span></a> <a href=\"https://infosec.exchange/tags/Fail\" class=\"mention hashtag\" rel=\"tag\">#<span>Fail</span></a> <a href=\"https://infosec.exchange/tags/SecurityFail\" class=\"mention hashtag\" rel=\"tag\">#<span>SecurityFail</span></a></p>",
"contentMap": {
"en": "<p>Sleeping over it I noticed another issue with <a href=\"https://infosec.exchange/tags/Microsoft\" class=\"mention hashtag\" rel=\"tag\">#<span>Microsoft</span></a> <a href=\"https://infosec.exchange/tags/Entra\" class=\"mention hashtag\" rel=\"tag\">#<span>Entra</span></a> ID <a href=\"https://infosec.exchange/tags/Password\" class=\"mention hashtag\" rel=\"tag\">#<span>Password</span></a> </p><p>Regarding the Global banned password list they write "The contents of the global banned password list aren't based on any external data source, but on the results of Microsoft Entra security telemetry and analysis."<br />(<a href=\"https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">learn.microsoft.com/en-us/entr</span><span class=\"invisible\">a/identity/authentication/concept-password-ban-bad</span></a>)</p><p>Now I have more questions:</p><p>WHY are passwords part of the security telemetry data?</p><p>The only case where I see this as ok, would be in a honeypot.</p><p>And what kind of data would be in the security telemetry data? Usually it's failed attempts, so you risk overestimating passwords attacks which fail (anyway). Again, this would only be OK with honeypots.</p><p>But if you are getting your data solely from honeypots, I fear you're getting a pre-selected type of data. Namely opportunistic, random attacks not targeted attacks.</p><p>While I think it's valuable to protect against these kind ob attacks, I really would like passwords to withstand even targeted attacks, even from the inside.<br />E.g when the attackers are in the Lateral Movement or Privilege Escalation. 
Especially if the attackers can start to crack hashes.</p><p>For this Microsoft Entra ID Password Protection seems completely useless there.</p><p><a href=\"https://infosec.exchange/tags/Cybersecurity\" class=\"mention hashtag\" rel=\"tag\">#<span>Cybersecurity</span></a> <a href=\"https://infosec.exchange/tags/Fail\" class=\"mention hashtag\" rel=\"tag\">#<span>Fail</span></a> <a href=\"https://infosec.exchange/tags/SecurityFail\" class=\"mention hashtag\" rel=\"tag\">#<span>SecurityFail</span></a></p>"
},
"updated": "2023-12-22T08:46:53Z",
"attachment": [],
"tag": [
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/microsoft",
"name": "#microsoft"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/entra",
"name": "#entra"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/password",
"name": "#password"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/cybersecurity",
"name": "#cybersecurity"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/fail",
"name": "#fail"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/securityfail",
"name": "#securityfail"
}
],
"replies": {
"id": "https://infosec.exchange/users/realn2s/statuses/111605920209725128/replies",
"type": "Collection",
"first": {
"type": "CollectionPage",
"next": "https://infosec.exchange/users/realn2s/statuses/111605920209725128/replies?min_id=111606062404362282&page=true",
"partOf": "https://infosec.exchange/users/realn2s/statuses/111605920209725128/replies",
"items": [
"https://infosec.exchange/users/realn2s/statuses/111606062404362282"
]
}
},
"likes": {
"id": "https://infosec.exchange/users/realn2s/statuses/111605920209725128/likes",
"type": "Collection",
"totalItems": 1
},
"shares": {
"id": "https://infosec.exchange/users/realn2s/statuses/111605920209725128/shares",
"type": "Collection",
"totalItems": 0
}
}