infosex.exchange <3
You are probably looking for the infosec.exchange Mastodon instance
This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.
Discoverability and Archiving
Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.
Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.
Gluttony Section for Search Engines
@cygnus-xr1 Nice noises :) I'm afraid I couldn't even turn the thing on though...
Command injection in a qmail fork (not the original!) - CVE-2026-41113:
"On the wire, a DNS label is just a length byte followed by up to 63 arbitrary bytes; RFC 1035 lets you put nearly anything in there, and most recursive resolvers will happily pass it through."
https://blog.calif.io/p/we-asked-claude-to-audit-sagredos#LLM
@PurpleJillybeans There are pretty good Java decompilers out there (e.g. jd-gui), so you don't have to mess with the bytecode.
This was a fun night :)
https://www.youtube.com/watch?v=6eJubuyFmSA(The club was of course shut down by our former fascist govt, but hopefully in the future they will focus more on actual criminal crackheads and their dealers instead of ravers)
Current stats:
* Bugs found in target: 1
* Bugs found in bug discovery tools: 4
@dsp @badkeys That's a limitation of DNS, and management UI's can make configuring larger strings quite frustrating. My favorite is when parts of the base64 gibberish are mixed up in the DNS response so you can see that there is something that *looks like* your public key, yet it won't verify your messages.
Next Page