infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Critical or Clickbait: GitHub Actions and Apache Tomcat RCE Vulnerabilities 2025

https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/
this post | permalink
[RSS] Discourse Backup Disclosure: Rails/nginx send_file Quirk

https://projectdiscovery.io/blog/discourse-backup-disclosure-rails-send_file-quirk

This is CVE-2024-53991
this post | permalink
[RSS] Last barrier destroyed, or compromise of Fuse Encryption Key for Intel Security Fuses

https://swarm.ptsecurity.com/last-barrier-destroyed-or-compromise-of-fuse-encryption-key-for-intel-security-fuses/
this post | permalink
@cR0w something something Steven Segal?
this post | permalink
[oss-security] [kubernetes] CVE-2024-7598: Network restriction bypass via race condition during namespace termination

https://seclists.org/oss-sec/2025/q1/234

"The order in which objects are deleted
during namespace termination is not defined, and it is possible for network
policies to be deleted before the pods that they protect." whoops :)
this post | permalink
@nbourdais @cR0w @greynoise It'd be actually interesting to see the distribution of HTTP response codes if that data is collected, because it is a straightforward signal for one of the requirements (read-only=false).
this post | permalink
@mcc @oblomov This sounds fun, you should get some VC funding!
this post | permalink
@cR0w @greynoise "GreyNoise observed exploitation attempts as early as March 11" -> Please note that PoC was publicly available since that way:

https://scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html

Also note that even with HTTP response data it's not straightforward to conclude that:
- file based session management was configured
- there were useful gadget chains available
this post | permalink
@oblomov @mcc VibeLang? As in execution order depends on how the interpreter feels and all errors are handled somehow just to keep the thing going :)
this post | permalink
Up-to-date fork of Sourcetrail:

https://github.com/petermost/Sourcetrail

h/t @brk
this post | permalink
Next Page