infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[oss-security] Five new CVEs published for Cyberark Conjur OSS

https://seclists.org/oss-sec/2025/q3/49

CVE-2025-49827 CVE-2025-49828 CVE-2025-49829 CVE-2025-49830 CVE-2025-49831

[RSS] Building secure messaging is hard: A nuanced take on the Bitchat security debate

https://blog.trailofbits.com/2025/07/18/building-secure-messaging-is-hard-a-nuanced-take-on-the-bitchat-security-debate/

CVE-2025-23267: A vulnerability in NVIDIA Container Toolkit can lead to container escape.

https://www.openwall.com/lists/oss-security/2025/07/16/3

Looking at this and CVE-2025-23266 makes me wonder: was NVIDIA's GPU sandbox vibe-coded?

#VibeCoding #AI #YOLO

CVE-2025-30761: A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution

https://seclists.org/oss-sec/2025/q3/43

Ooooh I love this! Can't wait to see the details....

#Java #JavaScript

@oscherler @mcc I think part of the problem is that the concept of FTP is becoming lost knowledge... Btw. do providers these days have SCP services exposed (with pubkey auth and whatnot) or is it FTP XOR WebAPI?

@mcc

@danzin "Any fuzzer at all, no matter how primitive, has a better chance of finding a bug than an idle CPU core."

https://fuzzinginfo.wordpress.com/wp-content/uploads/2012/05/ben_nagy_how_to_fail_at_fuzzing.pdf

Good luck ;)

[RSS] Automated Function ID Database Generation in #Ghidra on Windows

Handy #PowerShell tooling by EQ

https://blog.mantrainfosec.com/blog/17/automated-function-id-database-generation-in-ghidra-on-windows

[RSS] My `Blind Date` with CVE-2025-29824

Another Windows CLFS exploit

https://starlabs.sg/blog/2025/07-my-blind-date-with-cve-2025-29824/

[RSS] NINA - A service letting AOL, AIM, ICQ and soon Skype live again by reverse-engineering their protocols.

https://nina.chat/