infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@hnsec These posts are our go-to sources these days for Montoya dev, thank you!
this post | permalink
@joxean She clearly wasn't the mastermind behind the heist...
this post | permalink
[RSS] Heather 'Razzlekhan' Morgan sentenced to 18 months in prison, ending Bitfinex saga

https://therecord.media/razzlekhan-bitfinex-sentenced-18-months-bitcoin-laundering

The Crocodile of Wall Street spends some time in the sewers... https://www.youtube.com/watch?v=_DIuPPmY9mw
this post | permalink
[RSS] Salamander/MIME - Just because it's encrypted doesn't mean it's secure | Lutra Security

https://lutrasecurity.com/en/articles/salamander-mime/
this post | permalink
@bert_hubert The book touches on the societal context too, but what's more interesting to me is that the populist rhetoric it describes is remarkably similar to what we see today. This tells me that we as a society don't have an "immune response" against populism because it didn't have to change to remain effective.
this post | permalink
@jullrich @screaminggoat I only got this old one at hand sry
this post | permalink
CVE-2024-52316: Apache Tomcat: Authentication bypass when using Jakarta Authentication API

https://seclists.org/oss-sec/2024/q4/103

Sounds pretty esoteric, but I may be wrong:

"If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail"
this post | permalink
CVE-2024-52317: Apache Tomcat: Request/response mix-up with HTTP/2

https://seclists.org/oss-sec/2024/q4/104

This looks fun! /cc @albinowax
this post | permalink
@dcoderlt oh I didn't know I could paste URLs in search, that's very useful thanks!
this post | permalink
@dcoderlt It's so typical Fedi that it seems impossible to repost this here as I'm on another instance, search doesn't work and even in-page search is broken on the web UI...
this post | permalink