infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] CFCamp 2025 Slides - Understanding CFML Vulnerabilities, Exploits, and Attack Paths

https://www.hoyahaxa.com/2025/06/cfcamp-2025-slides-understanding-cfml.html

#coldfusion
this post | permalink
I updated the generated #Ghidra documentation I host for 11.4:

https://scrapco.de/ghidra_docs/

Here's the documentation for Decompiler Taint Operations:

https://scrapco.de/ghidra_docs/Features/DecompilerDependent/DecompilerTaint/DecompilerTaint.html
this post | permalink
#Ghidra 11.4 released with support for (external) taint engines in the decompiler:

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.4_build
this post | permalink
@nflnfl and they were 100% right!
this post | permalink
@Viss F1 is the new U2
this post | permalink
@Viss @neurovagrant @dangoodin I think a better analogy would be Stagefright where target diversity was a major factor blocking widespread abuse IIRC: based on my recent experiments with side-channels, target HW can have significant effects.

FTR, this is an example of targeting end-user applications:

https://www.youtube.com/watch?v=ugZzQvXUTIk

And don't forget: as SW mitigations (or even HW assisted ones) get better, attackers may turn to more "painful" alternatives...
this post | permalink
[RSS] Abusing copyright strings to trick software into thinking it's running on your competitor's PC

https://devblogs.microsoft.com/oldnewthing/20250624-00/?p=111299

#warez
this post | permalink
@bagder Sounds plausible, although that sounds like lots of work to dig up an unrelated e-mail address :)
this post | permalink
@bagder I'm dying to know
- what the problem was
- how did this person end up emailing you (are gasoline sensors queried with curl in Opel Astra??)
this post | permalink
@algernon ...bár belegondolva (meg megnézve a kódot) ez lényegében egy elosztott cache az EMMA elé, szóval még segíthet is szegény MÁV-os szervereknek!
this post | permalink
Next Page