infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@gsuberland @invoxiplaygames.uk Calling this RCE is at least consistent with MS's own taxonomy (see previous Office vulns). CVSS UI:R is also a meaningful datapoint for those parsing their feed.
this post | permalink
@G33KatWork MS be like
this post | permalink
[RSS] Shellcode as 'XML'

https://tmpest.dev/shellcode_as_xml.html
this post | permalink
[RSS] Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5

https://bughunters.google.com/blog/a-joint-security-review-of-intel-tdx-15
this post | permalink
[RSS] Intego X9: When your macOS antivirus becomes your enemy

http://blog.quarkslab.com/intego_lpe_macos_1.html
this post | permalink
#Ghidra 12.0.3 released:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_12.0.3_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

Looks like a fix to a cute little vulnerability too: it seems you could make users execute your commands via @execute annotations in Listings :)
this post | permalink
@corbet Blocked and reported to @kagihq SlopStop: https://help.kagi.com/kagi/features/slopstop.html
this post | permalink
#Keycloak CVE-2026-1529: "lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access."

https://access.redhat.com/security/cve/cve-2026-1529

#JWT
this post | permalink
Rust Crate: It's very easy to use me, here's a definition: ...

Me: I don't even know how to type half of these characters :S
this post | permalink
@troed

No that I disagree, but I think OP is (at least in part) about scaring away volunteer contributors where nothing vs. something can make a difference. You probably won't start building a sand castle in the dog park.

@chainq
this post | permalink
Next Page