infosex.exchange <3
You are probably looking for the infosec.exchange Mastodon instance
This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.
Discoverability and Archiving
Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.
Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.
Gluttony Section for Search Engines
[FD] PlayReady Activation protocol issues (weak auth / fake client identities)
https://seclists.org/fulldisclosure/2025/Aug/3"PlayReady Activation service does not implement real authentication, but
some form of obfuscated identification scheme [...] Arbitrary PlayReady identity can be requested by the client through public API" and more...
Oh shit it's Patch Tuesday...
@borup It's also good to remember that the EU still did nothing to stop this malpractice.
(I'd also argue again that the regulation is bad if malicious actors can abuse it while low-resource ones simply follow the path of least resistance because they lack the required understanding/skills)
#HillsToDieOn
/me @ the How Did This Ever Work?! phase, with the added excitement that the same code in a different script still works
(now that file is a sacred artifact that must be protected by all costs)
[FD] Kigen eUICC issue (custom backdoor vs. FW update bug)
https://seclists.org/fulldisclosure/2025/Aug/4"we suggest Kigen customers to request information pertaining to all secret / shared keys embedded in Kigen eUICC FW and ECASD domain"
@cR0w @catsalad wow, people still submit stuff to EDB (and it gets published)? :O
Next Page