infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

curl - Out of bounds read for cookie path

https://curl.se/docs/CVE-2025-9086.html

Found via Google Big Sleep:

https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
this post | permalink
[RSS] FFmpeg - Heap-buffer-overflow write in jpeg2000dec

https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg

CVE-2025-9951
this post | permalink
[RSS] unpacking Dell's iDRAC schtuff

https://trouble.org/?p=1383
this post | permalink
[RSS] hidden functionality in spyro the dragon

https://banyaszvonat.github.io/breaking-videogames/2025/09/07/hidden-functionality-in-spyro-the-dragon.html

#Disgaea #GameHacking
this post | permalink
[RSS] Running code in a PAX Credit Card Payment Machine (part1) | Lets Hack It

https://lucasteske.dev/2025/09/running-code-in-pax-machines
this post | permalink
[RSS] Windows Internals: Secure Calls - The Bridge Between NT and SK

https://connormcgarr.github.io/secure-calls-and-skbridge/
this post | permalink
@VulpineAmethyst @h0ng10 @micahflee This is a totally different question (even assuming the server is not intentionally lying...), please don't go down this rabbit hole (I've been there a bunch of times and it doesn't lead anywhere).
this post | permalink
@h0ng10 @micahflee This is a fairly common mistake too and causes a lot of bullshit work for security teams. A banner string (*especially* in case of Apache HTTPd) doesn't mean anything, so unless you can demonstrate the presence of a vulnerability this is nothing (aka PoC||GTFO).

In addition the cited CVE-2024-38476 likely requires a specific config to be exploitable (although no details are published yet, I base this assessment on the other vulns explained):

https://devco.re/blog/2024/08/09/confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-en/
this post | permalink
@gsuberland if this isn't the science result of the week I don't know what is!
this post | permalink
@FritzAdalis @Sempf ok we'll just need 4 more quantum computers
this post | permalink
Next Page