infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@detective This means that there is a way for a low privileged user to get their data out of this "admin-only" database (like a service running as SYSTEM), right?
[RSS] CVE-2024-23108: Back Again! Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive, IOCs, and Exploit

https://www.horizon3.ai/attack-research/disclosures/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
[RSS] Foxit Reader Updater improper certificate validation privilege escalation vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989

This is CVE-2024-29072
@swapgs Fixed in the original, thanks!
@kaoudis
[RSS] Introducing LLM-based harness synthesis for unfuzzed projects (2024.05.27, Blog)

https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
[RSS] Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)

https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
@AmandaWeaver rejtő jenő audiobooks (YT) + ebook (mek.oszk.hu)?
this post | permalink
@bughuntercat my educated guess is someone needs a promotion
"Microsoft has always taken the stance with vulnerabilities and attacks that once a device is compromised, all bets are off, and security boundaries are thrown out the window."

This is all well and good, except with #Recall an attacker will get access to data that occurred (even temporarily) on your machine *before* the compromise happened.

https://www.bleepingcomputer.com/news/microsoft/microsofts-new-windows-11-recall-is-a-privacy-nightmare/