infosex.exchange <3
You are probably looking for the infosec.exchange Mastodon instance
This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.
Discoverability and Archiving
Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.
Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.
Gluttony Section for Search Engines
@froge @hacks4pancakes It depends how you define the "market". If you have pentests/a SOC solely because they're regulatory requirements, your perfect provider is one with a gang of amateurs working for peanuts. It's not only cheaper than the alternative, but you won't even have to deal with non-trivial vulnerabilities/alerts!
(Yes, there are is such a market.)
@hacks4pancakes "none of the jobs I just named are the typical entry level tracks of 'junior pen tester' and 'SOC analyst'"
I can only talk about pentesting but my stance has for long been that pentesting shouldn't have been an entry level position in the first place. Inviting people to this path with 0 experience in dev or ops is a scam that has long-term negative effects on the industry as a whole.
@wdormann @cy @cR0w I'm not saying pw guessing is not in the picture, but metadata can be a good prefilter (and also something to count with when testing).
@wdormann @cy @cR0w Not sure this came up while I was sleeping, but regular ZIP archives don't encrypt metadata (file names) so "trying to send an executable in a pw protected archive" may be grounds for a block too.
This follow-up to CVE-2024-57882 by Solar Designer also worth reading:
https://seclists.org/oss-sec/2025/q2/3"A reason CVE-2024-57882 may have stayed unpatched in a distro is it could have been wrongly believed to be a NULL pointer dereference only due to a specific crash reported by Syzbot."
"net.mptcp.enabled can be set from inside an unprivileged net namespace"
@GossiTheDog @cisakevtracker Thanks for the heads up! I'm quite skeptical though given the previous FUD reports, can't wait to see more info about any observed attacks!
@kajer @256 Good one! .HLP was also a vector for a long time, pretty sure there was some parser bug in the thumbnailer, *gestures wildly* Internet Explorer...
@kajer @256 I'm like 3 minutes in, and I remember at least 3 remotely exploitable vulnerabilities in the presented features, fun times!
Next Page