infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@VulpineAmethyst @h0ng10 @micahflee This is a totally different question (even assuming the server is not intentionally lying...), please don't go down this rabbit hole (I've been there a bunch of times and it doesn't lead anywhere).
this post | permalink
@h0ng10 @micahflee This is a fairly common mistake too and causes a lot of bullshit work for security teams. A banner string (*especially* in case of Apache HTTPd) doesn't mean anything, so unless you can demonstrate the presence of a vulnerability this is nothing (aka PoC||GTFO).

In addition the cited CVE-2024-38476 likely requires a specific config to be exploitable (although no details are published yet, I base this assessment on the other vulns explained):

https://devco.re/blog/2024/08/09/confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-en/
this post | permalink
@gsuberland if this isn't the science result of the week I don't know what is!
this post | permalink
@FritzAdalis @Sempf ok we'll just need 4 more quantum computers
this post | permalink
@IngloGamesDev I just had a non-programner friend telling me how he vibe coded a neat tool for himself and I wondered how ppl like him fit this picture.

Then I remembered an old saying about the difference between programming vs software dev is that the latter involves people and time (I'd appreciaye if someone could point me to the original). So I guess there are many hidden, personal projects from ppl who don't even know GitHub exists.

Do I think this worth the cost? No. But it's still a pretty remarkable thing!
this post | permalink
I just realized that I have an order of magnetude more bookmarks tagged with "llm" than "llmnr".

(Not having to deal with LLMNR is a good thing!)
this post | permalink
[RSS] The case of the crash on a null pointer even though we checked it for null

https://devblogs.microsoft.com/oldnewthing/20250905-00/?p=111560
this post | permalink
@lcamtuf This one by @eevee is still among my favorites for similar reasons: https://eev.ee/blog/2016/09/15/music-theory-for-nerds/

Also, @3blue1brown ...
this post | permalink
[Cloudflare] Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1

https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/
this post | permalink
[RSS] Investigating a Mysteriously Malformed Authenticode Signature -- Elastic Security Labs

https://www.elastic.co/security-labs/malformed-authenticode-signature
this post | permalink
Next Page