infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[oss-security] Postfix updated SMTP smuggling countermeasure

"If I'm reading this right, the initial implementation of Postfix smtpd_forbid_bare_newline disallowed bare LF not only at the end of DATA, but also elsewhere in the SMTP session. This is now relaxed in the recommended 'smtpd_forbid_bare_newline = normalize' mode to apply only to the end of DATA, while allowing bare LFs elsewhere. This is sufficient to prevent the attack while having better compatibility with existing SMTP clients."

https://www.openwall.com/lists/oss-security/2024/01/22/1

@lcamtuf It's quite telling that GMail started to flag these as spam

@LukaszOlejnik I think @malwaretech made pretty good points here: https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

@joshbressers @wdormann Which would also require a CVE because of CVSS overflow...

Earthspace - Ozora Festival 2023 - Hungary (4K FULL SET)

https://www.youtube.com/watch?v=D9GKLWJ34W8

[b1ack0wl @ X] RT by @b1ack0wl: New blog post by "Antonio Fuerte" on JEB!

#reverseengineering

https://trenchant.io/jeb-unchained/

[RSS] CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive, IOCs, and Exploit

https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/

OMFG this is going to end so bad:

"Writing on the web can be daunting, especially if you want to articulate your thoughts on public spaces or forums. So in next month's Chrome release, we’ll launch another experimental AI-powered feature to help you write with more confidence on the web"

https://blog.google/products/chrome/google-chrome-generative-ai-features-january-2024/

@R00tkitSMM Look up their recent disclosures, I remember a NAS exploit implemented until 4141414141...

[RSS] RT by @testanull: I decided to release the PoC scripts ahead of my ShmooCon talk. Happy Hacking :)

"This repository contains proof-of-concept scripts for CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230."

https://github.com/marcnewlin/hi_my_name_is_keyboard