infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host to save the items from my own feeds to the Wayback Machine and to provide in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] To Infinity and Beyond!

https://posts.specterops.io/to-infinity-and-beyond-feab2d8ff93c?source=rss----f05f8696e3cc---4

Increasing our understanding of EDR capabilities in the face of impossible odds.
this post | permalink
@itm4n @yaumn I thought I already read this one with the rotational logic but turns out this VirtualBox LPE is just very similar: https://www.mdsec.co.uk/2024/04/cve-2024-21111-local-privilege-escalation-in-oracle-virtualbox/
this post | permalink
@whitequark Is there a language that supports nesting? :O
this post | permalink
This presentation by @HalvarFlake seems relevant to the issue...

Security, Moore’s law, and the anomaly of cheap complexity

https://rule11.tech/papers/2018-complexitysecuritysec-dullien.pdf
this post | permalink
A Bug Hunter’s Reflections on Fuzzing by @a13xp0p0v

https://a13xp0p0v.github.io/img/Alexander_Popov-Reflections_on_Fuzzing.pdf

#Fuzzing
this post | permalink
Crazy story about cursed tech from the other site:

"True Apple lightning devices are more expensive to make. So instead of conforming to the Apple standard, these companies have made headphones that receive audio via bluetooth — avoiding the Apple specification — while powering the bluetooth chip via a wired cable, thereby avoiding any need for a battery."

https://x.com/joshwhiton/status/1796222090216886682
this post | permalink
@Viss @SPAM @rubinjoni How often do you browse to your page file so Recall would index it? Or you mean mine parsed recall data from the page file? In the latter case you'd need privileges that would allow you to just grab the on-disk Recall data I think.
this post | permalink
@centaury I'm not talking about defective controls, but working ones, that are in place exactly because users behave as you described. Incidentally such controls are usually found at places that matter (bank, pwstore, etc).

Will such controls protect all users every time? No. But my impression (which may be wrong, but I don't have any data) is that the impact of data breaches (esp. ones that involve ~only credentials) is diminishing.
this post | permalink
@Viss @rubinjoni @SPAM Have you recently unmasked a password in your pw manager? That is not persistently stored as plaintext!
this post | permalink
@centaury Are they? I get password stuffing is a problem, but it's been a problem of current scale for at least a decade and many services require mfa, monitor compromised creds, monitor sus activity etc. I even got my debit card skimmed once, and lost exactly 0 money.

I'd be of a different opinion if we talked e.g. medical data, but many breached services just don't hold data that is much valuable to anyone.
this post | permalink