infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and to a small extent acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host to save the items from my own feeds to the Wayback Machine and to provide in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability

This is CVE-2023-48725

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887
this post | permalink
It's great that #CVE information is available as structured data, but the fact that I had to fall back to ripgrep and xargs tells me there is room for improvement.
this post | permalink
@norootcause I actually think a chatbot could write this chatbot for you :)
this post | permalink
@algernon That's a good point, which brings us back to the question of whether security boundaries can be defined for a kernel that is used in numerous ways. I'd argue that at least some reasonable bar should be drawn, and at least some of the current CVEs shouldn't qualify, see:

https://twitter.com/ky1ebot/status/1762903790536327237 (there was also a variable renaming commit IIRC...)

If a product violates those assumptions e.g. opens up an API for low-priv users, it should be their problem, their CVE, etc.
this post | permalink
@algernon This way the work of dissecting CVEs becomes redundant, and to be handled by organizations less capable of determining security relevance than the Linux Kernel project itself.
this post | permalink
[Gergely Kalman @ X] Full Disclosure time: Here's a quick LPE for macOS that affects you if you have Homebrew installed under /usr/local (Intel macs or Apple Silicon with Game Porting Toolkit)

https://github.com/gergelykalman/brew-lpe-via-periodic

(admin -> root)
this post | permalink
CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive

https://www.horizon3.ai/attack-research/cve-2024-1403-progress-openedge-authentication-bypass-deep-dive/
this post | permalink
[Alisa Shevchenko @ X] RT by @alisaesage: ⚡️0-Day Insights: Vmware Critical Security Advisory for ESXi, Workstation, Fusion hypervisors

https://twitter.com/zerodaytraining/status/1765411447604150412
this post | permalink
@shortridge I'm looking forward to establishing a YAML-worshipping cult, who's with me?
this post | permalink
Sportswear marketing done right: Nike Airmax FM #synth

#synthdiy #sportsware

https://www.reddit.com/r/synthesizercirclejerk/comments/1b73kc9/nike_airmax_synth_is/
this post | permalink