infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@tiredhorizon “There’s an infinite number of monkeys outside who want to talk to us about this script for Hamlet they’ve worked out.”
this post | permalink
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)

https://seclists.org/fulldisclosure/2024/Oct/18
this post | permalink
It was weird that I couldn't find in this Sophos report *what* was actually exploited aside from CVEs and codenames... then CVE info showed they were Sophos devices :P

https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/
this post | permalink
[Dailydave] Old Infosec Talks: Metlstorm's Take on Hacky Hacking

https://seclists.org/dailydave/2024/q4/1
this post | permalink
[RSS] Using AFL++ on bug bounty programs: an example with Gnome libsoup (2024.10.30)

https://offsec.almond.consulting/using-aflplusplus-on-bug-bounty-programs-an-example-with-gnome-libsoup.html
this post | permalink
[RSS] Give Me the Green Light Part 2: Dirty Little Secrets

https://www.redthreatsec.com/blog/give-me-the-green-light-part2-dirty-little-secrets
this post | permalink
[RSS] Paranoids' Vulnerability Research: NetIQ iManager Security Alerts | Paranoids | Yahoo Inc.

https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-netiq-imanager-security-alerts
this post | permalink
[RSS] Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024

https://www.synacktiv.com/en/publications/exploiting-a-blind-format-string-vulnerability-in-modern-binaries-a-case-study-from
this post | permalink
mpg123 buffer overflow in versions before 1.32.8

https://seclists.org/oss-sec/2024/q4/45

#NoCVE yet
this post | permalink
@egypt "There is no scientific consensus that life is important" prof. Hubert Farnsworth
this post | permalink