infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Firefox / WebRTC Encoded Transforms: UAF via undetached ArrayBuffer / CVE-2025-1432

https://aisle.com/blog/firefox-webrtc-encoded-transforms-uaf-via-undetached-arraybuffer-cve-2025-14321
this post | permalink
@singe Right? I'm also glad we have oss-sec where these discussions can actually happen! I always recover some of my hope for humanity when Solar Designer enters even the most ridiculous thread in the most polite and level-headed way.
this post | permalink
[RSS] Dead Ends, Red Herrings, and Failures In Our Time

https://www.hoyahaxa.com/2026/01/dead-ends-red-herrings-and-failures-in.html

(ColdFusion research #fail)
this post | permalink
[RSS] Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn

https://www.thezdi.com/blog/2026/1/23/pwn2own-automotive-2026-day-three-results-and-the-master-of-pwn
this post | permalink
@mousey @jpm @Viss
this post | permalink
@adamshostack This is the same "smell" I mention: it's likely not just Telnet, meaning that sniffing (which can absolutely happen, just not as often as e.g. admin:admin) is probably pretty low on the priority list. I've also seen higher prio bugs like this finally pushing teams to get rid of the nasty stuff altogether, but that's not always possible (vendor lock-in on critical systems yaay).
this post | permalink
@adamshostack I've been hunting for unencrypted services (among other things) on LANs for 15+ years and Telnet is still there. Yet the only real-world incident involving network interception I can recall post-2010 is "SSL added and removed here" of Snowden fame (happy to hear about more!), while auth bypasses/RCEs are common culprits in breaches.

Telnet has an awful smell for sure, but when you sit on a smelly network, it's reasonable to ask: "would attackers actually exploit this?" A bypass like this changes the answer.
this post | permalink
[LWN] Responses to gpg.fail

https://lwn.net/SubscriberLink/1054220/c6f98b90a009fca2/
this post | permalink
Rust 1.93.0 now provides much more helpful error messages when associated types miss lifetimes:

Thanks again to @ekuber for picking up my original report:

https://github.com/mainmatter/100-exercises-to-learn-rust/issues/245
this post | permalink
[RSS] Ticket to Shell: Exploiting PHP Filters and CNEXT in osTicket (CVE-2026-22200)

https://horizon3.ai/attack-research/attack-blogs/ticket-to-shell-exploiting-php-filters-and-cnext-in-osticket-cve-2026-22200/
this post | permalink
Next Page