infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Pinball Fantasies DOS version reverse-engineering/porting project

https://donotsta.re/notice/AhTxZcoU2xkL7eQaky
this post | permalink
@swapgs @joern Or idk, not phrasing documentation like riddles? :)
this post | permalink

This latest writeup by @joern mentions the #documentation of Go’s filepath.Clean is “not really obvious” when dealing with relative paths.

I think this is something all #golang devs should be aware of to avoid similar vulnerabilities.

The language is kind of amazing:

  • Step 3. only applies if there is a parent path to be eliminated together with the subsequent “..” (“/foo/..” -> “/“)
  • Step 4. only applies to “rooted” (absolute) paths, so “/../foo” would become “/foo”, but “../“ is left untouched (as there is no relative parent path to eliminate either).

This makes the docs technically correct (“the best kind of correct!”), but even with the solution at hand it took some head scratching to figure out the true meaning.

this post | permalink
[RSS] File-write on Gitlab via YAML parser differential

https://gitlab-com.gitlab.io/gl-security/security-tech-notes/security-research-tech-notes/devfile/
this post | permalink
@jerry My condolences!
this post | permalink
@sassdawe Would you recommend that for an on-prem lab environment?
this post | permalink
Is there a browser on this planet that doesn't ask you 28 stupid questions before allowing you to actually browse?
this post | permalink
[oss-security] CVE-2023-49606, CVE-2023-40533: memory safety vulnerabilities in tinyproxy <=1.11.1

https://www.openwall.com/lists/oss-security/2024/05/07/1
this post | permalink
@maldr0id
- How do you know the wings won't explode?
- Brian said he checked it and it's fine.
this post | permalink
[RSS] Dive Deeper into Game Reverse Engineering with Packet Ripper, a Specialist Packet Logger

https://packetripper.live/
this post | permalink
Next Page