A small tool to view real-world ActivityPub objects as JSON! Enter a URL
or username from Mastodon or a similar service below, and we'll send a
request with the right Accept header to the server to view the
underlying object.
{
"@context": [
"https://www.w3.org/ns/activitystreams",
{
"ostatus": "http://ostatus.org#",
"atomUri": "ostatus:atomUri",
"inReplyToAtomUri": "ostatus:inReplyToAtomUri",
"conversation": "ostatus:conversation",
"sensitive": "as:sensitive",
"toot": "http://joinmastodon.org/ns#",
"votersCount": "toot:votersCount",
"litepub": "http://litepub.social/ns#",
"directMessage": "litepub:directMessage",
"blurhash": "toot:blurhash",
"focalPoint": {
"@container": "@list",
"@id": "toot:focalPoint"
},
"Hashtag": "as:Hashtag"
}
],
"id": "https://infosec.exchange/users/realn2s/statuses/111622856327656104",
"type": "Note",
"summary": null,
"inReplyTo": "https://infosec.exchange/users/realn2s/statuses/111622734411617387",
"published": "2023-12-22T07:20:19Z",
"url": "https://infosec.exchange/@realn2s/111622856327656104",
"attributedTo": "https://infosec.exchange/users/realn2s",
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"cc": [
"https://infosec.exchange/users/realn2s/followers"
],
"sensitive": false,
"atomUri": "https://infosec.exchange/users/realn2s/statuses/111622856327656104",
"inReplyToAtomUri": "https://infosec.exchange/users/realn2s/statuses/111622734411617387",
"conversation": "tag:infosec.exchange,2023-12-18:objectId=118774018:objectType=Conversation",
"content": "<p>Moving on to <a href=\"https://infosec.exchange/tags/Password\" class=\"mention hashtag\" rel=\"tag\">#<span>Password</span></a> <a href=\"https://infosec.exchange/tags/Guidance\" class=\"mention hashtag\" rel=\"tag\">#<span>Guidance</span></a> in general</p><p>Microsoft offers the following Password Guidance<br /><a href=\"https://www.microsoft.com/en-us/research/publication/password-guidance/\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">microsoft.com/en-us/research/p</span><span class=\"invisible\">ublication/password-guidance/</span></a></p><p>Side note, the PDF contains no (visible) version information or date :-(<br />Please, if you publish guidance, especially if you are an influential company, include a date in your documents. I treat a guidance form 2016 differently than a guidance from 2023</p><p>Back to the recommendations. Most of the are solid but some stick out</p><p>1. Maintain an 8-character minimum</p><p>That seem awfully short. <a href=\"https://infosec.exchange/tags/NIST\" class=\"mention hashtag\" rel=\"tag\">#<span>NIST</span></a> states \"Longer is better\", the <a href=\"https://infosec.exchange/tags/HPI\" class=\"mention hashtag\" rel=\"tag\">#<span>HPI</span></a> recommends 15+ characters and, wait for it, Microsoft themself recommends 12 or better 14+ characters.</p><p>4. Ban common passwords, to keep the most vulnerable passwords out of your system.</p><p>The <a href=\"https://infosec.exchange/tags/NIST\" class=\"mention hashtag\" rel=\"tag\">#<span>NIST</span></a> recommendation check against \"commonly used and compromised passwords\" considerably extends this!</p><p>Microsoft at other places recommends \"Not a word that can be found in a dictionary or the name of a person, character, product, or organization.\"</p><p>5. Educate your users not to re-use their password for non-work-related purposes.</p><p>Work related reuse is OK????</p><p>I would love to know if <a href=\"https://infosec.exchange/tags/Microsoft\" class=\"mention hashtag\" rel=\"tag\">#<span>Microsoft</span></a> internally really follows these password rule. Or if they enforce a stricter set. If anyone knows about this, please let me know (but don't if this would get you fired)</p><p>BTW, the other place where Microsoft recommends a different/stronger set of password rules is here (again no date):<br /><a href=\"https://support.microsoft.com/en-us/windows/create-and-use-strong-passwords-c5cebb49-8c53-4f5e-2bc4-fe357ca048eb\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">support.microsoft.com/en-us/wi</span><span class=\"invisible\">ndows/create-and-use-strong-passwords-c5cebb49-8c53-4f5e-2bc4-fe357ca048eb</span></a></p><p><a href=\"https://infosec.exchange/tags/Cybersecurity\" class=\"mention hashtag\" rel=\"tag\">#<span>Cybersecurity</span></a> <a href=\"https://infosec.exchange/tags/Fail\" class=\"mention hashtag\" rel=\"tag\">#<span>Fail</span></a> <a href=\"https://infosec.exchange/tags/SecurityFail\" class=\"mention hashtag\" rel=\"tag\">#<span>SecurityFail</span></a></p>",
"contentMap": {
"en": "<p>Moving on to <a href=\"https://infosec.exchange/tags/Password\" class=\"mention hashtag\" rel=\"tag\">#<span>Password</span></a> <a href=\"https://infosec.exchange/tags/Guidance\" class=\"mention hashtag\" rel=\"tag\">#<span>Guidance</span></a> in general</p><p>Microsoft offers the following Password Guidance<br /><a href=\"https://www.microsoft.com/en-us/research/publication/password-guidance/\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">microsoft.com/en-us/research/p</span><span class=\"invisible\">ublication/password-guidance/</span></a></p><p>Side note, the PDF contains no (visible) version information or date :-(<br />Please, if you publish guidance, especially if you are an influential company, include a date in your documents. I treat a guidance form 2016 differently than a guidance from 2023</p><p>Back to the recommendations. Most of the are solid but some stick out</p><p>1. Maintain an 8-character minimum</p><p>That seem awfully short. <a href=\"https://infosec.exchange/tags/NIST\" class=\"mention hashtag\" rel=\"tag\">#<span>NIST</span></a> states \"Longer is better\", the <a href=\"https://infosec.exchange/tags/HPI\" class=\"mention hashtag\" rel=\"tag\">#<span>HPI</span></a> recommends 15+ characters and, wait for it, Microsoft themself recommends 12 or better 14+ characters.</p><p>4. Ban common passwords, to keep the most vulnerable passwords out of your system.</p><p>The <a href=\"https://infosec.exchange/tags/NIST\" class=\"mention hashtag\" rel=\"tag\">#<span>NIST</span></a> recommendation check against \"commonly used and compromised passwords\" considerably extends this!</p><p>Microsoft at other places recommends \"Not a word that can be found in a dictionary or the name of a person, character, product, or organization.\"</p><p>5. Educate your users not to re-use their password for non-work-related purposes.</p><p>Work related reuse is OK????</p><p>I would love to know if <a href=\"https://infosec.exchange/tags/Microsoft\" class=\"mention hashtag\" rel=\"tag\">#<span>Microsoft</span></a> internally really follows these password rule. Or if they enforce a stricter set. If anyone knows about this, please let me know (but don't if this would get you fired)</p><p>BTW, the other place where Microsoft recommends a different/stronger set of password rules is here (again no date):<br /><a href=\"https://support.microsoft.com/en-us/windows/create-and-use-strong-passwords-c5cebb49-8c53-4f5e-2bc4-fe357ca048eb\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">support.microsoft.com/en-us/wi</span><span class=\"invisible\">ndows/create-and-use-strong-passwords-c5cebb49-8c53-4f5e-2bc4-fe357ca048eb</span></a></p><p><a href=\"https://infosec.exchange/tags/Cybersecurity\" class=\"mention hashtag\" rel=\"tag\">#<span>Cybersecurity</span></a> <a href=\"https://infosec.exchange/tags/Fail\" class=\"mention hashtag\" rel=\"tag\">#<span>Fail</span></a> <a href=\"https://infosec.exchange/tags/SecurityFail\" class=\"mention hashtag\" rel=\"tag\">#<span>SecurityFail</span></a></p>"
},
"updated": "2024-05-08T08:07:04Z",
"attachment": [
{
"type": "Document",
"mediaType": "image/png",
"url": "https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/622/746/133/780/214/original/0dd6b8e0fc6ad16d.png",
"name": "Screenshot of the \n\n1. Maintain an 8-character minimum length requirement (and longer is not necessarily better).\n2. Eliminate character-composition requirements.\n3. Eliminate mandatory periodic password resets for user accounts.\n4. Ban common passwords, to keep the most vulnerable passwords out of your system.\n5. Educate your users not to re-use their password for non-work-related purposes.\n6. Enforce registration for multi-factor authentication.\n7. Enable risk based multi-factor authentication challenges.\n",
"blurhash": "U8R{#?00?bxuofxuRjay?bt7M{t7WBxuayRj",
"focalPoint": [
-1,
0.21
],
"width": 752,
"height": 190
}
],
"tag": [
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/password",
"name": "#password"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/guidance",
"name": "#guidance"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/nist",
"name": "#nist"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/hpi",
"name": "#hpi"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/microsoft",
"name": "#microsoft"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/cybersecurity",
"name": "#cybersecurity"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/fail",
"name": "#fail"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/securityfail",
"name": "#securityfail"
}
],
"replies": {
"id": "https://infosec.exchange/users/realn2s/statuses/111622856327656104/replies",
"type": "Collection",
"first": {
"type": "CollectionPage",
"next": "https://infosec.exchange/users/realn2s/statuses/111622856327656104/replies?min_id=111724811831789469&page=true",
"partOf": "https://infosec.exchange/users/realn2s/statuses/111622856327656104/replies",
"items": [
"https://infosec.exchange/users/realn2s/statuses/111724811831789469"
]
}
},
"likes": {
"id": "https://infosec.exchange/users/realn2s/statuses/111622856327656104/likes",
"type": "Collection",
"totalItems": 2
},
"shares": {
"id": "https://infosec.exchange/users/realn2s/statuses/111622856327656104/shares",
"type": "Collection",
"totalItems": 2
}
}