infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] CVE-2025-32756: Low-Rise Jeans are Back and so are Buffer Overflows [Fortinet]

https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/
[RSS] Automating MS-RPC vulnerability research

https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/
[RSS] The Windows Registry Adventure #7: Attack surface analysis

https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html
[RSS] Bypassing MTE with CVE-2025-0072

https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
[RSS] Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE

https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
Attacking EDRs Part 4: Fuzzing Defender's Scanning and Emulation Engine (mpengine.dll)

https://labs.infoguard.ch/posts/attacking_edr_part4_fuzzing_defender_scanning_and_emulation_engine/

Great to see snapshot #fuzzing successfully applied to another AV product!
[RSS] Picking Apart IBM's $150 Billion In US Manufacturing And R&D

https://www.itjungle.com/2025/05/21/picking-apart-ibms-150-billion-in-us-manufacturing-and-rd/
@kimzetter Thank you! So DOGE still doesn't have the authority but lower-ranking staff basically obey their requests that don't align with cabinet secretaries or agency heads? Why don't they just go full-on Cheryll on these requests?
@kimzetter I didn't say you said that. The article has this line though:

"As federal agencies, *under the direction of DOGE*, continue to fire thousands of workers"

Also I read phrases like:
- "driven out"
- "pushed out"
- "sidelined" (in the Politico article)

I'm curious how this all looks in practice, incl. what formal authority DOGE has (e.g. can they formally direct agencies to do things?). Based on previous discussions my current understanding is that DOGE has no formal power, while people with actual power (e.g. management in agencies) make dumb decisions because DOGE looked at them the wrong way.

I hope I am wrong. Based on the general quality of your reporting I hope you could explain the situation better or point me to some good resource.
@kimzetter could you ELI5 (or give link(s)) what DOGE specifically does to get ppl fired? AFAICT they can't make HR decisions on the Pentagon's behalf, right?