infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@gnyman @simontsui @campuscodi But it isn't clear that it is *only* about silent patching: it states "including silent patches". "Becomes aware" can mean that the vendor tells R7 they just released a proper advisory within 60 days.
this post | permalink
@simontsui @campuscodi Is it me, or is Rapid7's policy painfully vague about exploit publication?

I mean point 4. can be easily interpreted so that if there is an official patch with proper CVE, security impact description, etc. R7 will still publish the exploit immediately, while I think in this good-faith case it'd make much more sense to stick to the 60-day deadline from point 3.

https://www.rapid7.com/security/disclosure/

Anyhow this looks like a major communication fuckup.
this post | permalink
Everything went wrong.

Please try again later.
this post | permalink
[RSS] CVE-2024-28084 iwd double-free in beacon parsing

https://www.supernetworks.org/pages/blog/beacon-double-free-inet-wireless-daemon-CVE-2024-28084
this post | permalink
[RSS] CVE-2024-23897 – Arbitrary file read in Jenkins

https://blog.securelayer7.net/arbitrary-file-read-in-jenkins/
this post | permalink
I stopped my Twitter cross-poster after Nitter and related instances decided subscribing to Twitter accounts through them is not OK. I understand this may be understood as "scraping", but what I did was 1) performed through their official API/RSS feeds 2) the same as what I would do with any Twitter client.

If my traffic was too high (I highly doubt it was as I only retrieved data I could humanly process and even implemented round-robin for load balancing) I sincerely apologize, but it seems my client is specifically banned now, independently from the frequency/amount of the requests.

Will give a shot with automation through bird.makeup....
this post | permalink
Still true!

https://www.theguardian.com/tv-and-radio/2018/oct/03/you-rang-mlord-the-90s-british-sitcom-and-its-unlikely-hungarian-super-fans
this post | permalink
@fay59 "stop saying spatial safety and temporal safety! Use bounds safety and lifetime safety!" - may I ask why?
this post | permalink
[RSS] Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
this post | permalink
[RSS] Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability

This is CVE-2023-48725

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887
this post | permalink