infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

ClamAV 1.4.3 and 1.0.9 security patch versions published

https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

CVE-2025-20260
CVE-2025-20234
+1 upstream vuln in lzma-sdk
this post | permalink
@mwichary @darkphoenix TIL about C trigraphs :O
this post | permalink
@mwichary I don't want to argue about your perception, you do you. Still find the topic worthy of discussion!
this post | permalink
@mwichary @darkphoenix It's strange you call one commenter a "know-it-all" while acknowledging others bringing up the same issue (maybe Fedi is playing me?). I think the topic of "effortless markup" you brought up is really interesting and becomes even more interesting if we take into account other layouts. My quick idea: does every layout have "." without modifier?

(slightly related: I recently learned that C syntax differs so wildly from Pascal, because the former was designed by US keyboard users while the latter was from EU)
this post | permalink
[RSS] Sleepless Strings - Template Injection in Insomnia

https://tantosec.com/blog/2025/06/insomnia-api-client-template-injection/
this post | permalink
@sawaba Or _maybe_ this is a subtle message to some _other_ companies that make LLMs write unsubstantiated content about their/competitor products??
this post | permalink
[RSS] Exploiting the Tesla Wall connector from its charge port connector

https://www.synacktiv.com/en/publications/exploiting-the-tesla-wall-connector-from-its-charge-port-connector
this post | permalink
👷 After 15 years of entrepreneurship and a few months of sabbatical I'm looking for a regular old job.

My ideal role would be primarily technical, aimed to dissect software to uncover vulnerabilities. Beyond bug mining I'd love to learn to mine better and make new kinds of pickaxes.

My public works and contact info are on my homepage:

https://scrapco.de

Get in touch if you want to know more!

Boosts are appreciated! #FediHire
this post | permalink
The latest #IBMi LPE bulletins are now correctly attributed to @silentsignal :

https://www.ibm.com/support/pages/node/7236663 - CVE-2025-33108

https://www.ibm.com/support/pages/node/7237040 - CVE-2025-33122
this post | permalink
@sawaba "We can re-prompt when our research question about a security product or technology doesn’t yield the answer we wanted." Why do they ask the question if they already know what answer they want? Also "wanting" a particular answer sounds very stupid to me...
this post | permalink