infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@raptor cc @gergelykalman
this post | permalink
[RSS] A Quick Note on CVE-2025-38617

https://u1f383.github.io/android/2025/08/28/a-quick-note-on-CVE-2025-38617.html
this post | permalink
I combined DEVCORE's CVE-2024-35250 with the CVE-2024-30084 double fetch bug and the Cloud Filter memory trap technique by @tiraniddo to achieve reliable LPE without device requirements on Win10 VMs.

https://scrapco.de/blog/its-a-trap-reliable-exploitation-of-cve-2024-30084.html
this post | permalink
#Ghidra 11.4.2 is out:

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.4.2_build
this post | permalink
@schrotthaufen Most likely. It's the first time I saw the actual crap it produced (in the published court docs) and I'm outraged.
this post | permalink
"Our safeguards work **more reliably** in **common**, **short** exchanges. We have learned over time that these safeguards can **sometimes** be **less reliable** in **long** interactions: as the back-and-forth grows, **parts** of the model’s safety training **may** degrade."
this post | permalink
Look at the rate of weasel wording in OpenAI's not-really-apology:

https://openai.com/index/helping-people-when-they-need-it-most/

I'm sick and tired of people pretending they have ways to enforce LLM behavior, while all they do is weigh dices differently - they remain dices.

Trying to enforce security boundaries with a PRNG is one thing, but you definitely can't prevent reinforcing harmful behavior, because you can't even define what it is.

And this can cost lives, as we just witnessed.
this post | permalink
[RSS] The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309) - watchTowr Labs

https://labs.watchtowr.com/the-one-where-we-just-steal-the-vulnerabilities-crushftp-cve-2025-54309
this post | permalink
In a somewhat better world this ChatGPT suicide case should at minimum trigger resignations from OpenAI top brass. This won't happen of course, showing what kind of people we are dealing with there.

And yes, this case is different from finding similar information via search engines, because search engines don't pretend to be people who care about you.
this post | permalink
@azonenberg That would spoil the surprise!
this post | permalink
Next Page