infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@spacerog @chompie1337 Here's the results summary: https://www.thezdi.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results
this post | permalink
@Pionir @thiagocsf @helenczerski @davidho Came to post this, thank you :D
this post | permalink
Is it me, or is Kindle's battery level indicator a lying bastard?
this post | permalink
[RSS] Exploiting GLPI during a Red Team engagement

http://blog.quarkslab.com/exploiting-glpi-during-a-red-team-engagement.html

"GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing." This is CVE-2023-43813.
this post | permalink
[RSS] Pwn2Own Vancouver 2024 - Day Two Results

https://www.thezdi.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results
this post | permalink
@TarkabarkaHolgy Is it just the usual quality of recent dubs or do they also try to do Jamaican-Hungarian accents?
this post | permalink
@cynicalsecurity "you have exceeded your daily recharge limit" - Are they seriously refusing money? This must be some sector-specific idiocy, because the only place I've encountered this was another telco.
this post | permalink
Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin (CVE-2024-22245)

"A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs)."

https://www.vmware.com/security/advisories/VMSA-2024-0003.html

https://core.vmware.com/resource/vmsa-2024-0003-questions-answers
this post | permalink
[RSS] CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive

https://www.horizon3.ai/attack-research/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
this post | permalink
[RSS] Pwn2Own Vancouver 2024 - Day One Results

https://www.thezdi.com/blog/2024/3/20/pwn2own-vancouver-2024-day-one-results

It's pretty amazing that @thezdi has an Insta and communicates with YT Shorts (hacking is cool now!), it's only that these platforms are *terrible* at delivering actual information...
this post | permalink