infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

WAFFLED: Exploiting Parsing Discrepancies to Bypass Web Application Firewalls [PDF]

https://arxiv.org/pdf/2503.10846v1
this post | permalink
[RSS] Remembering Chiptunes, the Demoscene and the Illegal Music of Keygens

https://hackaday.com/2025/07/20/remembering-chiptunes-the-demoscene-and-the-illegal-music-of-keygens/
this post | permalink
[RSS] The case of the invalid instruction exception on an instruction that should never have executed

https://devblogs.microsoft.com/oldnewthing/20250718-00/?p=111390
this post | permalink
[RSS] Trigon: exploiting coprocessors for fun and for profit (part 2)

#iOS

https://alfiecg.uk/2025/07/16/Trigon.html
this post | permalink
In case you feel like singing into a megaphone: please don't!

#activism #ProTip
this post | permalink
[oss-security] Five new CVEs published for Cyberark Conjur OSS

https://seclists.org/oss-sec/2025/q3/49

CVE-2025-49827 CVE-2025-49828 CVE-2025-49829 CVE-2025-49830 CVE-2025-49831
this post | permalink
[RSS] Building secure messaging is hard: A nuanced take on the Bitchat security debate

https://blog.trailofbits.com/2025/07/18/building-secure-messaging-is-hard-a-nuanced-take-on-the-bitchat-security-debate/
this post | permalink
CVE-2025-23267:A vulnerability in NVIDIA Container Toolkit can lead to container escape.

https://www.openwall.com/lists/oss-security/2025/07/16/3

Looking at this and CVE-2025-23266 makes me wonder: was NVIDIA's GPU sandbox vibe-coded?

#VibeCoding #AI #YOLO
this post | permalink
CVE-2025-30761:A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution

https://seclists.org/oss-sec/2025/q3/43

Ooooh I love this! Can't wait to see the details....

#Java #JavaScript
this post | permalink
@oscherler @mcc I think part of the problem is that the concept of FTP is becoming lost knowledge... Btw. do providers these days have SCP services exposed (with pubkey auth and whatnot) or is it FTP XOR WebAPI?
this post | permalink
Next Page