infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Arbitrary web root file read in Sitecore before v10.4.0 rev. 010422

https://blog.scrt.ch/2024/11/25/arbitrary-web-root-file-read-in-sitecore-before-v10-4-0-rev-010422/

[RSS] Finding vulnerabilities in ClipSp, the driver at the core of Windows' Client License Platform

https://blog.talosintelligence.com/finding-vulnerabilities-in-clipsp-the-driver-at-the-core-of-windows-client-license-platform/

[RSS] How JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review

https://pentesterlab.com/blog/jwt-algorithm-confusion-code-review-lessons

[RSS] Ruby 3.4 Universal RCE Deserialization Gadget Chain

https://nastystereo.com/security/ruby-3.4-deserialization.html

@screaminggoat @dreadpir8robots @h4sh @todb Full Disclosure

@screaminggoat @dreadpir8robots @todb @h4sh IME CVE issuance is the easiest part: if the vendor is a CNA, they will take care of it, most of the process is coordinating technical details and disclosure. If it's MITRE you can get a CVE basically instantly with their online form.

I have to note that AFAIK MITRE is *not* a fallback (they will redirect you to the CNA you just visited), and H1 is *definitely* not a fallback (for a multitude of reasons). FD is a fallback, and so is CERT-CC in some cases.

@wdormann Is this the feature implemented by ai.exe, aka. "Artificial Intelligence Host"? That thing caused problems for me before by trying to chat with the mothership:

https://www.reddit.com/r/Office365/comments/ylkip5/comment/j3vjm8w/

[RSS] RISC CPU Lives in Excel

https://hackaday.com/2024/11/24/risc-cpu-lives-in-excel/

From Guardian to Gateway: The Hidden Risks of EDR Vulnerabilities — Neodyme
https://neodyme.io/en/blog/wazuh_rce/ /via @tekwizz123

CVE-2024-32038, CVE-2023-50260
#frombsky

@aardrian That's weird, it usually works for me out of the box :( I'm not in the mood for digging into Medium's bullshit, but the link at the top of the article seems to work. Anyway, sorry for the spam!