infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

#IBMi is affected by a user gaining elevated privileges due to an unqualified library call vulnerability in IBM Facsimile Support for i [CVE-2025-36004]

https://www.ibm.com/support/pages/node/7237732

Another one by @silentsignal !
this post | permalink
[RSS] Keiro Control authentication bypass (0-day?) #NoCVE

https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/
this post | permalink
[RSS] Finding a 27-year-old easter egg in the Power Mac G3 ROM

https://www.downtowndougbrown.com/2025/06/finding-a-27-year-old-easter-egg-in-the-power-mac-g3-rom/
this post | permalink
[RSS] CFCamp 2025 Slides - Understanding CFML Vulnerabilities, Exploits, and Attack Paths

https://www.hoyahaxa.com/2025/06/cfcamp-2025-slides-understanding-cfml.html

#coldfusion
this post | permalink
I updated the generated #Ghidra documentation I host for 11.4:

https://scrapco.de/ghidra_docs/

Here's the documentation for Decompiler Taint Operations:

https://scrapco.de/ghidra_docs/Features/DecompilerDependent/DecompilerTaint/DecompilerTaint.html
this post | permalink
#Ghidra 11.4 released with support for (external) taint engines in the decompiler:

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.4_build
this post | permalink
@nflnfl and they were 100% right!
this post | permalink
@Viss F1 is the new U2
this post | permalink
@Viss @neurovagrant @dangoodin I think a better analogy would be Stagefright where target diversity was a major factor blocking widespread abuse IIRC: based on my recent experiments with side-channels, target HW can have significant effects.

FTR, this is an example of targeting end-user applications:

https://www.youtube.com/watch?v=ugZzQvXUTIk

And don't forget: as SW mitigations (or even HW assisted ones) get better, attackers may turn to more "painful" alternatives...
this post | permalink
[RSS] Abusing copyright strings to trick software into thinking it's running on your competitor's PC

https://devblogs.microsoft.com/oldnewthing/20250624-00/?p=111299

#warez
this post | permalink
Next Page