infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@jann @freddy I've heard that bug bounty submissions definitely correlate with the summer break
this post | permalink
@todb @zmanion Based on the post I'm afraid including error detection in new ID's would cause a Hell of a mess at the consumers side :(
this post | permalink

This is a #test of frequency instruments.

Bass Drums Distortion Artifacts

this post | permalink
@cynicalsecurity Thanks I'll look that up!
this post | permalink
@brewsterkahle Sorry, not a native speaker here! What I mean (half-jokingly) is these days we - as in users and developers - just accept that our software is bad. We create higher layers of abstractions so ppl with minimal training can produce more sw, because we always need more sw somehow. Then ofc the abstractions leak, and the design doesn't make sense and UX is horrible. Then - if the lawyers and salesppl were smart enough - the producer can charge even more money for the fixes. And the buyers don't have alternatives and they just accept their faith because sw has always been buggy. And this is how you boil a frog.
this post | permalink
@brewsterkahle Finally giving up on quality?
this post | permalink
@astralia @pancake @joxean @radareorg I like the warm fuzzy feeling of running NSA code (financed by US taxpayers) on my machine :)
this post | permalink
@cynicalsecurity I think "some form of NFS" deserves some focus. I haven't thought about this but seen enough NFS induced vulns to say NFS probably won't be it. You ruled out SMB. What are the alternatives?

(We have some nice setups with MinIO, but wrapping everything with HTTP doesn't feel right either)
this post | permalink

My friends at Ravenfortech wrote an introductory #malwareanalysis post on the INC #Ransomware:

https://translate.kagi.com/https://scribe.rip/@ravenfortech/inc-ransomware-elemz%C3%A9s-a909b5aed114

This gang recently pwned the Hungarian company responsible for military procurement (VBÜ) and now selling the data for $1M.

https://444.hu/2024/12/01/visszakerultek-a-netre-a-vedelmi-beszerzesi-ugynokseg-ellopott-adatai-egymillio-dollarrol-indul-a-licit

Based on the analysis the malware is very simple. INC uses 2023 CitrixBleed (2023) and spear phishing for initial access:

https://www.sentinelone.com/anthology/inc-ransom/

This doesn’t paint a picture of mature security at VBÜ to say the least…

this post | permalink
@pancake @joxean To be fair the issue I brought up only comes up during more "low-level" development (specifically Processor modules), certainly not during scripting. With Python scripts you can just configure a script directory and write your scripts there with any editor, and you can even fire up a headless instance from some vim command to run it. Java is more cumbersome (as Java usually is) but one of my side-quests is to document how to set up a proper devenv for it.
this post | permalink
Next Page