infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@wirepair yeah it's tricky, you have to gain some circular momentum below and bend over the bar a bit
this post | permalink
#JeSuisLampshade #AlligatorCon
this post | permalink
Security mitigation for the Common Log Filesystem (CLFS)

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/security-mitigation-for-the-common-log-filesystem-clfs/ba-p/4224041?s=09

#windows
this post | permalink
"Today, the White House Office of the National Cyber Director (ONCD) released a Roadmap to Enhancing Internet Routing Security, which aims to address a key security vulnerability associated with the Border Gateway Protocol (#BGP)"

https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/press-release-white-house-office-of-the-national-cyber-director-releases-roadmap-to-enhance-internet-routing-security/?s=09
this post | permalink
If you plan to meet some hackers in Krakow this week check your e-mail, esp. your spam folder!

#AlligatorCon
this post | permalink
@cynicalsecurity

IMO a major difference here is that TLS auth was never meant to guarantee anything about the intentions of the other party, so crooks obtaining certs (for money or free) is not something to be fixed. This means that communicating that lock==trust has been plain wrong (see also signed .exe==goodware).

In the case of security keys, attacks like the current one aren't supposed to happen and there is an incentive to fix/prevent such issues. This of course should not mean that we should blindly trust these devices (as you pointed out) but I'd argue that the concepts the industry communicates (separate your keys from your computer; prevent duplication...) are mostly right in this case ("save your keys in the cloud" is an obvious counterexample).

@bgergely0 @dotstdy @whitequark
this post | permalink
[RSS] Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024-27394)

https://blog.theori.io/deep-dive-into-rcu-race-condition-analysis-of-tcp-ao-uaf-cve-2024-27394-f40508b84c42?source=rss-4b564abdafa3------2

#linux
this post | permalink
s/middleware/dark matter/
this post | permalink
@lethalbit C->Pascal transpiler!
this post | permalink
@circuit_cat @capnhoppy "whoa! what instance do you live in?" this happens when you navigate away from your instance, typically in a webview e.g. by clicking a quoted post. in that case you navigate to another instance that has 0 info about your session or your home instance so it'll try to redirect you.
this post | permalink