infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@cynicalsecurity thanks for the detailed answer! As I understand, moving to "thin clients" would make security management simpler as there are only a few systems to secure instead of a fleet of machines with weird states and requirements. What is not clear is how this would solve the more abstract issue of users accidentally running malware that inherits all their privs (either on their laptop or on the "mainframe").

App whitelisting and sandboxing (mobile apps, Win S) seem to point in the right direction, but I'd be interested in your take, esp. about if/how the proposed distributed model would help with this.
@cynicalsecurity in your opinion what would be the alternatives to mitigating risk of e.g. client-side trojans, given Windows dominance and existing tech?
@marcan testing stuff with DRM can be tricky though: https://infosec.place/notice/Ak77QQbjZ0Z52TP6I4 (not saying this as an excuse, but a potential contributing factor)
This is a Fedi thread with further relevant info: https://chaos.social/@gsuberland/112816518452535570
This seems like a legit analysis of the #CrowdStrike crash with samples and without politics or conspiracy theories (that appear to be rampant on X...):

https://threadreaderapp.com/thread/1814343502886477857.html
The #CrowdStrike thing looks like a major testing fuckup, that shouldn't have happened.

On the other hand we know that relevant .sys artifacts are DRM'd and user-specific.

I wouldn't be surprised if the issue was related to DRM, at least in the sense that full, DRM-enabled end-to-end testing was not implemented and/or some DRM-introduced bug.
@pronto #failhot
@0xabad1dea this is literal Tech Priest level
@jik Or US could do that to (former) allies
@jerry @capnhoppy lol