infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@TarkabarkaHolgy Is it just the usual quality of recent dubs or do they also try to do Jamaican-Hungarian accents?
this post | permalink
@cynicalsecurity "you have exceeded your daily recharge limit" - Are they seriously refusing money? This must be some sector-specific idiocy, because the only place I've encountered this was another telco.
this post | permalink
Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin (CVE-2024-22245)

"A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs)."

https://www.vmware.com/security/advisories/VMSA-2024-0003.html

https://core.vmware.com/resource/vmsa-2024-0003-questions-answers
this post | permalink
[RSS] CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive

https://www.horizon3.ai/attack-research/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
this post | permalink
[RSS] Pwn2Own Vancouver 2024 - Day One Results

https://www.thezdi.com/blog/2024/3/20/pwn2own-vancouver-2024-day-one-results

It's pretty amazing that @thezdi has an Insta and communicates with YT Shorts (hacking is cool now!), it's only that these platforms are *terrible* at delivering actual information...
this post | permalink
"A simple principle is that for most things that are automated and scaled, the *trust requirements* have to be vastly expanded and made vastly more strict."

https://www.quora.com/What-does-Alan-Kay-think-about-programming-and-teaching-programming-with-copilots-and-LLMs-of-today
this post | permalink
@SecurityWriter I think this is in large part a result of an unexpected change in threat models: if you assume every one of your peers is trusted design gets much easier. Then security comes by and tells you that your users are sometimes assholes and your B2B partners can get compromised and it changes the game. But your original plan wasn't wrong considering your original assumptions.
this post | permalink
@algernon @datarama @technomancy Can't you just prompt an LLM to output realistic looking code that doesn't work? Feed them their own crap.
this post | permalink
ELF Internals - What I wish I knew when learning about ELF (Executable and Linkable Format) files.

https://beepandboo.com/elf-internals/
this post | permalink
Reverse Engineering Automation - Minimizing the Noise

https://beepandboo.com/reverse-engineering-automation-minimizing-the-noise/

#reverseengineering
this post | permalink
Next Page