infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and to a small extent acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

The Album Cover of the Year Contest starts off pretty strong!

I mean, how would you beat Schwarzenegger teaming up with Gremlins and the Cobra Commander (and others) to mutilate the clones of Steven Seagal?

https://listenable-records.bandcamp.com/album/big-trouble
this post | permalink
@recon any news about 2024 recordings?
this post | permalink
@cR0w @screaminggoat I will never not like this meme!
this post | permalink
Cisco Talos is grinding through NVIDIA nvJPEG2000, check out their vulnerability reports page for details:

https://talosintelligence.com/vulnerability_reports#disclosed

CVE-2024-0142, CVE-2024-0143, CVE-2024-0144, CVE-2024-0145
this post | permalink
[RSS] Exploring a VPN Appliance: A Researcher's Journey [CVE-2024-46666, CVE-2024-46668]

https://www.akamai.com/blog/security-research/2025-february-fortinet-critical-vulnerabilities

"We'll go through the processes of getting the firmware, decrypting, setting up a debugger, and finally looking for vulnerabilities." -> Mad respect!
this post | permalink
That's it, I unsubscribed Sonar because of their shitty RSS :P
this post | permalink
@krypt3ia The broccoli head generation is finally taking over
this post | permalink
@freddy Note that this is typical of intranets where the risk of CSRF is negligible IMO
this post | permalink
@freddy You typically see this when IIS handles NTLM/Kerberos auth. Authentication is transparently handled on the (Windows) client, so even if the session cookie is not sent (e.g. due to SameSite) with the original request, the request gets reauthenticated and (in most cases) the requested action will be performed on the server side.
this post | permalink
@freddy WWW-Authenticate: Negotiate :)
this post | permalink