infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

I just got the weirdest e-mail:

It's a lab result for someone else. It has a PDF attachment, but I can see nothing malicious in it. The sender domain exists and does lab stuff. I looked up the person in the document and he seems to exist (in the US).

I'd say this must be a typo, but my e-mail address has only the first character (and probably the domain) matching with the persons name. I highly doubt his internet handle is a short keyboard distance from my Hungarian handle.

I have two theories:

a. This is a highly sophisticated scam (but I don't see the scam part yet)
b. Copilot hallucinated my e-mail address (which is actually pretty easy to scrape from the web)
this post | permalink
@algernon @hongminhee "They need new content to "improve" the models." -> The easiest way to think about this is to consider some fast evolving library API. If you don't scrape+train constantly, you won't be able to generate code for the latest&greatest, so by this logic (incredibly costly) training *can never stop*.
this post | permalink
A 0-click exploit chain for the Pixel 9 /by @natashenka

Part 1.:
https://projectzero.google/2026/01/pixel-0-click-part-1.html

Part 2.:
https://projectzero.google/2026/01/pixel-0-click-part-2.html

Part 3.:
https://projectzero.google/2026/01/pixel-0-click-part-3.html
this post | permalink
"I hope you're fine and healthy. The reason I am writing this mail is to share a few of my experiments and research I've done to come up with a reasonable stack pivot detection for the Syd kernel. TL;DR I have failed and I have learned a lot."

https://www.openwall.com/lists/oss-security/2026/01/10/1

Messages like this give me some hope in humanity <3
this post | permalink
[RSS] CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center

https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/
this post | permalink
#Ghidra 12.0.1 released, Change History:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_12.0.1_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md
this post | permalink
@joxean @Xilokar ...but I meant this mostly as a joke :)
this post | permalink
@joxean @Xilokar malware, obviously! I'd also consider Electron itself as packing and I'm pretty sure there are other "IP protection" schemes under the hood...
this post | permalink
@joxean does MS Teams count?
this post | permalink
@algernon Most people don't have that much attention to detail (e.g. does the link I just posted work?)
this post | permalink
Next Page