infosex.exchange <3
You are probably looking for the infosec.exchange Mastodon instance
This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.
Discoverability and Archiving
Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and to provide in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.
Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.
Gluttony Section for Search Engines
To little surprise, Copilot just failed my valet test:
@jpmens Wow, I've been planning something like this for ages! :D My concept was to include such obscene/offensive words in every passphrase that no one would dare to share them with anyone.
MS Word autocorrects "HTTP" to lowercase, but it doesn't do so with "HTTPS".
I'd like to request a CVE.
Quill editor's CVE-2021-3163 is another example of how confusing identifying security boundaries and evaluating #CVE data can be: the project thinks it's not their responsibility to filter data incoming from the (trusted) server, while many users assume the frontend component will handle such cases for them securely.
I got a bunch of nice stored XSS vulns as a result in real-world apps even recently.
https://github.com/quilljs/quill/issues/3364#issuecomment-901806341 #CveCrowdDeny
@pentagrid The '90s called and they want their bugs back!
@simontsui @gnyman @campuscodi I agree that ceasing comms is never a good step.
I just saw too many cases when a poorly phrased e-mail from the researcher resulted in similar defensive behavior on the vendor side, and I'd like to point out that R7's policy likely needs some work too.
As I said: comms fuckup...
@gnyman @simontsui @campuscodi But it isn't clear that it is *only* about silent patching: it states "including silent patches". "Becomes aware" can mean that the vendor tells R7 they just released a proper advisory within 60 days.