infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@freddy @swapgs thanks, it was a detour really, but I hope I'll get back to the topic sometime :)
this post | permalink
@swapgs if control over the dst of the request is the differentiator I'd argue that controlling the host vs route vs ... is conceptually the same, eg:

- /api/foo can be proxied differently than /api/static
- /?action=... can lead to totally different parsers
this post | permalink
@swapgs SSRF, but maybe I misunderstand
this post | permalink

The V8 Heap Sandbox by Samuel Gross

https://www.youtube.com/watch?v=5otAw81AHQ0

Finally managed to watch this (h/t @swapgs for the reminder), some things that struck me:

  • Browsers are OS’s and now they demand CPU features for security
  • We need security boundaries that are testable - so happy to see this concept implemented at such a fundamental component!

Also, make sure to watch the Q&A part :D

#OffensiveCon24

this post | permalink
@foone Weren't they called TrueType exploits?
this post | permalink
this post | permalink
@stacksmashing Seriously, this was one of the rare talks when a really distant concept (even though most of the audience could be safely categorized as "hackers") was described in a really approachable way and I think most of us SW ppl left the room smarter. Thank you!
this post | permalink
@TarkabarkaHolgy Thanks, I put these on my list (that grows by the day ofc...)!
this post | permalink
@csepp FTR: https://moly.hu/konyvek/burany-bela-a-legkisebb-kiralylany-kivansaga
this post | permalink
[oss-security] Microsoft leak of PlayReady developer / Warbird libs

"On Jun 11, 2024 Microsoft engineer posted on a public forum information about a crash [...] The post had an attachment - a 771MB file (4GB unpacked), which leaked
internal code (260+ files) pertaining to Microsoft PlayReady" 🍿

https://seclists.org/fulldisclosure/2024/Jun/7
this post | permalink
Next Page