infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and for providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@swapgs "Handling it only at the "right" place also gets tricky..." - This is part of the reason I'm asking. My thinking is that with multiple guards you'll need multiple changes for things to go wrong, so you may have to trace all of those during debugging.

Generally it may be true that finding the removal of the last guard will tell you what the problem is, but I'm not sure it's always this simple, or that seeing only the last guard wouldn't mislead the fixer.

(Again, I'm not talking about security-critical checks here, in those cases defense-in-depth is clearly beneficial)
this post | permalink
#Programming best-practice:

If I have the chance to prepare for edge cases at two places, should I do so at both? In security we would call this defense-in-depth, but functionality-wise I have the feeling that this introduces redundancy and I may catch bugs earlier if I only did the handling at the "right" place.

What do you think?

Does the equation change, if we talk about distinct components (e.g.: code&template, different microservices)?
this post | permalink
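As an added illustration of the masking concern raised in the two posts above (this is not code from the original posts; the user-lookup and template functions are hypothetical), here is a small Python sketch in which an outer, template-side guard hides a bug in the inner, service-side handling, so the inner bug only becomes visible when the outer guard is absent. The security-critical case the post explicitly sets aside is not modelled here.

```python
"""Two guards vs. one guard: an outer fallback can mask a bug in the inner one.

Added example; the 'service' and 'template' layers below are hypothetical stand-ins
for the code&template / microservice split mentioned in the post.
"""
from typing import Dict, Optional


def render_name(name: Optional[str]) -> str:
    """Outer guard (template layer): never render a missing name."""
    if name is None:
        return "(unknown)"
    return name


def lookup_display_name_buggy(users: Dict[str, str], user_id: str) -> Optional[str]:
    """Inner layer with a bug: dict.get returns None for an unknown id, but the
    fallback only triggers on the empty string, so None leaks out."""
    name = users.get(user_id)
    if name == "":  # bug: should also cover None
        name = "(unknown)"
    return name


def lookup_display_name_fixed(users: Dict[str, str], user_id: str) -> str:
    """Inner layer with the fallback handled at the 'right' place."""
    name = users.get(user_id)
    if not name:  # covers None and ""
        name = "(unknown)"
    return name


def page_with_two_guards(users: Dict[str, str], user_id: str) -> str:
    """Defense-in-depth build: the template guard absorbs the service bug,
    so a test for an unknown id passes and the bug goes unnoticed."""
    return "<h1>" + render_name(lookup_display_name_buggy(users, user_id)) + "</h1>"


def page_with_one_guard(users: Dict[str, str], user_id: str) -> str:
    """Single-guard build: no template fallback, so the service bug surfaces
    as a TypeError (str + None) the first time an unknown id is rendered."""
    name = lookup_display_name_buggy(users, user_id)
    return "<h1>" + name + "</h1>"


def page_with_fixed_inner_guard(users: Dict[str, str], user_id: str) -> str:
    """Single guard at the right place: correct without a template fallback."""
    return "<h1>" + lookup_display_name_fixed(users, user_id) + "</h1>"


def inner_bug_visible(users: Dict[str, str], user_id: str) -> bool:
    """True when the single-guard build exposes the inner bug as a crash."""
    try:
        page_with_one_guard(users, user_id)
        return False
    except TypeError:
        return True


if __name__ == "__main__":
    # Constructed sample data, not taken from any real system.
    USERS = {"u1": "alice"}
    print(page_with_two_guards(USERS, "nope"))   # looks fine; bug masked
    print(inner_bug_visible(USERS, "nope"))      # True: bug surfaces without the outer guard
    print(page_with_fixed_inner_guard(USERS, "nope"))
```

Running it shows the trade-off in the question: with both guards the unknown-id case renders "(unknown)" and the broken service-side condition is never noticed; with only the inner guard the same input crashes immediately, pointing straight at the real defect.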
@singe @wdormann I'm not that sure about the "no shitpost" part on my side :D Thanks for the commendation!
this post | permalink
[RSS] The Windows Registry Adventure #1: Introduction and research results

https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

The story of the recent CVE tsunami by j00ru
this post | permalink
"2024 is the year of serverlesslessness"

https://www.youtube.com/watch?v=aWfYxg-Ypm4
this post | permalink
@stevelord These should be sold as separate container, filling and nozzle products so you can combine the individual parts according to what type of fire you are extinguishing.
this post | permalink
[RSS] Silicon Labs Gecko Platform HTTP server header parsing invalid pointer dereference vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1945

CVE-2023-51391
this post | permalink
[RSS] LSA Whisperer

https://posts.specterops.io/lsa-whisperer-20874277ea3b

Impressive work, expect to see a ton of tooling built on this!
this post | permalink
[RSS] Compiling and Running Turbo Pascal in the Browser

https://hackaday.com/2024/04/17/compiling-and-running-turbo-pascal-in-the-browser/
this post | permalink
[RSS] Entra ID Banned Password Lists: password spraying optimizations and defenses

https://www.synacktiv.com/en/publications/entra-id-banned-password-lists-password-spraying-optimizations-and-defenses
this post | permalink