infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@cR0w @nixCraft RSS would be nice but it does have an open, machine-readable API:

https://euvdservices.enisa.europa.eu/api/lastvulnerabilities

Edit: this one seems even better: hxxps://euvdservices.enisa.europa.eu/api/vulnerabilities?assigner=&product=&vendor=&text=&fromDate=&toDate=&fromScore=0&toScore=10&fromEpss=0&toEpss=100&exploited=true&page=0&size=10
this post | permalink
A helpful PoC for Dropbear CVE-2025-47203 dropped on oss-security:

https://seclists.org/oss-sec/2025/q2/123

`dbclient 'localhost,|touch 123 '`
this post | permalink
@cR0w CVSS is exceptionally bad at scoring XSS
this post | permalink
[RSS] Microsoft spots zero-day use in spy campaign against Kurdish military in Iraq

https://therecord.media/microsoft-zero-day-spy-campaign
this post | permalink
[RSS] Open-source toolset of an Ivanti CSA attacker

https://www.synacktiv.com/en/publications/open-source-toolset-of-an-ivanti-csa-attacker
this post | permalink
[oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203

https://seclists.org/oss-sec/2025/q2/116

"Don't allow dbclient hostname arguments to be interpreted by the shell."

Sounds like fun on many embedded devices :) Original announcement:

https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q2/002385.html
this post | permalink
[RSS] Dubious security vulnerability: A program does not run correctly if you run it the wrong way, redux

https://devblogs.microsoft.com/oldnewthing/20250512-00/?p=111174
this post | permalink
This was a fun one :)

https://github.com/Binary-Gecko/ekoparty2024_challenge
this post | permalink
@tib3rius Piper of course: https://portswigger.net/bappstore/e4e0f6c4f0274754917dcb5f4937bb9e
this post | permalink
@thezdi Ugh, good luck!
this post | permalink
Next Page