infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance

https://mehmetince.net/the-story-of-a-perfect-exploit-chain-six-bugs-that-looked-harmless-until-they-became-pre-auth-rce-in-a-security-appliance/
this post | permalink
@sassdawe Wow congrats!
this post | permalink
@addison It's obvious you have a lot to say :) I think the presentation was also very good (using sokoban as a model is spot on!), it's just that internalizing new perspectives takes time, and I think we were better off getting multiple highlights of ideas instead of working through any one of them during the time given - we have the recording, slides, etc. to dig deeper as we like.
this post | permalink
@addison Thanks for the great talk, definitely the most thought provoking one for me from this CCC! Have to watch it like 3 more times to get all the details though 😅
this post | permalink
@hanno As another datapoint, MOTW bypasses worth CVE's at MS (e.g. CVE-2025-24061). It's not the same ofc. as an automatic control is bypassed in such cases, but at the same time users could choose to bypass the control after a warning (which the CVE also bypasses).
this post | permalink
@murb @bert_hubert @signalapp Great, that can be a checkbox then! I'm also sure that support/M.W. didn't have to deal with as many angry Europeans if the us-east-1 only affected users over the pond :)
this post | permalink
@filippo @freddy @hanno I'll save this thread under "even your vendor doesn't approve CVSS" for future reference
this post | permalink
@embedding_shapes @rickoooooo nix-shell works though, leaving you with tasks that are too complex for that but don't justify a container. Now I'm sure that can be a deal-breaker too, but it's worth keeping in mind that there is room for ad-hoc tasks.
this post | permalink
@rislandr I had an account, forgot the pw, couldn't reregister the last time I tried...
this post | permalink
@hanno I'm bringing this up exactly because when CVSS will be assigned it will either show 0.0 or some really weird non-sense. The former would be likely a better, but still misleading scenario,. My bet is on MITRE publishing some non-sense though.
this post | permalink
Next Page