infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@cR0w @krypt3ia
this post | permalink
[RSS] CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive

https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
this post | permalink
@dcoderlt There are probably less suspicious alternatives, but this is the one I know that certainly can do this.
this post | permalink
@dcoderlt Hardcode the address on a local low-priv proxy (e.g. burp free)?
this post | permalink
@cR0w This is very likely the reason, and IMHO it is good that general awareness is now raised. @Saren42 is technically right of course.
this post | permalink
@joxean I generally have a couple Gs free on my standard plans, so I'd count that as no cost. Hetzner has traffic limits, but that adds no additional cost until you try to serve many users (at which point torrents can help).
this post | permalink
@joxean BitTorrent also comes to mind!
this post | permalink
@joxean I can easily host 1.2G for you on one of my VPSs
this post | permalink
@kaoudis I think what you describe is a slightly different case from the one in the post: you want to explicitly detect failure, while the author doesn't (note that there are no checks for empty).

Considering that even the Big Fat Policy Cat mentioned in the post couldn't prevent digression from the stated rule, it's a good question if trusting an API in a system with nullable types is a good idea in the first place...

Anyway, Mr.Chen usually answers comments, so it may worth to bring up these points at the source too!
this post | permalink
[RSS] Going beyond the empty set: Embracing the power of other empty things

https://devblogs.microsoft.com/oldnewthing/20240923-00/?p=110297
this post | permalink
Next Page