infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@b0rk Not exactly, but a privileged binary can take it for granted that `ls` always executes `/bin/ls`, but runs an attacker-provided executable instead (very stupid, but real example). Now this usually happens without switching a "PATH provider", but my gut feeling is that having "one central place" for PATH processing would've prevented at least some of these issues.
@b0rk I think exploits passing e.g. `PATH=.` instead of the expected system value (e.g. via misconfigured sudo) can be called a "problem" :)
@virtualabs I have no clue, but GH discussions are regularly answered by devs, so it's usually worth asking there too.
[RSS] DBus and Polkit Introduction

https://u1f383.github.io/linux/2025/05/25/dbus-and-polkit-introduction.html

With analysis of CVE-2025-23222 and CVE-2021-3560
[RSS] CVE-2025-32756: Low-Rise Jeans are Back and so are Buffer Overflows [Fortinet]

https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/
[RSS] Automating MS-RPC vulnerability research

https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/
[RSS] The Windows Registry Adventure #7: Attack surface analysis

https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html
[RSS] Bypassing MTE with CVE-2025-0072

https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
[RSS] Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE

https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
Attacking EDRs Part 4: Fuzzing Defender's Scanning and Emulation Engine (mpengine.dll)

https://labs.infoguard.ch/posts/attacking_edr_part4_fuzzing_defender_scanning_and_emulation_engine/

Great to see snapshot #fuzzing successfully applied to another AV product!