infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@claudiom @benbrown @djsundog Until the battery starts to leak...
this post | permalink
@Victorsigmoid @shortridge
this post | permalink
@kaoudis Your towel of course https://hitchhikers.fandom.com/wiki/Towel
this post | permalink
@cryptax Aside of unreadable syntax playing part in the xz incident I think major drivers are performance and built-in dependency management (the latter also related to language support).
this post | permalink
@ping4pong This must be Cat Heaven! :D
this post | permalink
Is there a legislation in #Berlin requiring every bar to have a disco globe? They seem to obey this rule pretty strictly.
this post | permalink
*Finally* a fresh set from this lady!

https://www.youtube.com/watch?v=9hfu8DrfGxo
this post | permalink
Booting with Caution - Dissecting Secure Boot’s Third-Party Attack Surface

https://nbviewer.org/github/microsoft/MSRC-Security-Research/blob/master/presentations/2024_05_OffensiveCon/OffensiveCon24_Booting_With_Caution_BDemirkapi.pdf?ref=blog.exploits.club

#OffensiveCon24
this post | permalink
@Sempf
- Would NVD be a venue for credit-seeking if they ever did proper evaluation of reports instead of slapping CVSS 9.8 on any report including the world "overflow"? Or if there was a proper process for getting CVE's rejected/updated (see https://daniel.haxx.se/blog/2024/02/21/disputed-not-rejected/)? Blame the process, not the people!
- Do people monetizing their vulns on "the Dark Web" also request CVE's for them? That's new!
- If someone wants a bounty they will have to go through a proper evaluation process before any chance of a CVE being assigned by the vendor. The reporter can request one of course (see my first point), but that's not relevant from monetary perspective.

The article also elegantly ignores the Linux kernel CNA, that literally spams the CVE database these days...
this post | permalink
I *am* cheating but also really proud of this one :)

#IBMi
this post | permalink
Next Page