infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Lucid Dreams II: Harness Development

https://h0mbre.github.io/Lucid_Dreams_2/

#fuzzing
this post | permalink
@lcamtuf I'd choose that any day instead of Copilot
this post | permalink
I'm really curious how libtiff is embedded in Windows so that CVE-2016-9535 could apparently lead to RCE in 2025

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-9535
this post | permalink
@sassdawe Sorry, I need more coffee...
this post | permalink
@sassdawe "What threat?" -> The CVE-2025-47827 Secure Boot bypass is marked as exploited itw, but I'm not sure how that relates to Lenovo.
this post | permalink
Stats:
- Rewrite done in 45 mins (incl. coffee)
- LoC 200 -> 110
- Complexity ~halved (two-pass -> single-pass processing)
- I actually know what the code does
this post | permalink
I think it was @david_chisnall who pointed out earlier that coding LLM's will become much less useful when we stop doing (expensive) training to keep up with breaking changes in API's.

Well, I just spent two hours trying to fix some code that was buggy because the API changed less than a year ago and came to the decision of reading the F manual and write that 200 LoC myself.

(to be fair, I think this would work if the LLM had access to a complier and runtime)
this post | permalink
[RSS] The October 2025 Security Update Review [by ZDI]

https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review
this post | permalink
Give this guy a Nobel Prize (any field would do)

https://www.youtube.com/watch?v=z-8JELUcjMM
this post | permalink
[RSS] Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers

http://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
this post | permalink
Next Page