infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Salamander/MIME - Just because it's encrypted doesn't mean it's secure | Lutra Security

https://lutrasecurity.com/en/articles/salamander-mime/
this post | permalink
@bert_hubert The book touches on the societal context too, but what's more interesting to me is that the populist rhetoric it describes is remarkably similar to what we see today. This tells me that we as a society don't have an "immune response" against populism because it didn't have to change to remain effective.
this post | permalink
@jullrich @screaminggoat I only got this old one at hand sry
this post | permalink
CVE-2024-52316: Apache Tomcat: Authentication bypass when using Jakarta Authentication API

https://seclists.org/oss-sec/2024/q4/103

Sounds pretty esoteric, but I may be wrong:

"If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail"
this post | permalink
CVE-2024-52317: Apache Tomcat: Request/response mix-up with HTTP/2

https://seclists.org/oss-sec/2024/q4/104

This looks fun! /cc @albinowax
this post | permalink
@dcoderlt oh I didn't know I could paste URLs in search, that's very useful thanks!
this post | permalink
@dcoderlt It's so typical Fedi that it seems impossible to repost this here as I'm on another instance, search doesn't work and even in-page search is broken on the web UI...
this post | permalink
@dcoderlt oh neat thx!
this post | permalink
"Oh, I never posted my gotofail story on here.

Early 2014, someone came to me about a catastrophic vulnerability in Apple's TLS implementation.

I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures."

Bsky for details:
https://bsky.app/profile/rya.nc/post/3lb6kcwlecc2z
this post | permalink
@bert_hubert Do you know this book?

https://www.bol.com/nl/nl/f/het-verboden-boek/9200000070040578/

The parallels it shows with today's populism and our (failing) answers are frightening.
this post | permalink