infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and to provide in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@pentagrid The '90s called and they want their bugs back!
this post | permalink
@simontsui @gnyman @campuscodi I agree that ceasing comms is never a good step.

I just saw too many cases when a poorly phrased e-mail from the researcher resulted in similar defensive behavior on the vendor side, and I'd like to point out that R7's policy likely needs some work too.

As I said: comms fuckup...
this post | permalink
@gnyman @simontsui @campuscodi But it isn't clear that it is *only* about silent patching: it states "including silent patches". "Becomes aware" can mean that the vendor tells R7 they just released a proper advisory within 60 days.
this post | permalink
@simontsui @campuscodi Is it me or is Rapid7's policy painfully vague about exploit publication?

I mean point 4 can be easily interpreted so that if there is an official patch with proper CVE, security impact description, etc., R7 will still publish the exploit immediately, while I think in this good-faith case it'd make much more sense to stick to the 60-day deadline from point 3.

https://www.rapid7.com/security/disclosure/

Anyhow this looks like a major communication fuckup.
this post | permalink
Everything went wrong.

Please try again later.
this post | permalink
[RSS] CVE-2024-28084 iwd double-free in beacon parsing

https://www.supernetworks.org/pages/blog/beacon-double-free-inet-wireless-daemon-CVE-2024-28084
this post | permalink
[RSS] CVE-2024-23897 - Arbitrary file read in Jenkins

https://blog.securelayer7.net/arbitrary-file-read-in-jenkins/
this post | permalink
I stopped my Twitter cross-poster after Nitter and related instances decided subscribing to Twitter accounts through them is not OK. I understand this may be understood as "scraping", but what I did was 1) performed through their official API/RSS feeds 2) the same as what I would do with any Twitter client.

If my traffic was too high (I highly doubt it was as I only retrieved data I could humanly process and even implemented round-robin for load balancing) I sincerely apologize, but it seems my client is specifically banned now, independently from the frequency/amount of the requests.

Will give it a shot with automation through bird.makeup...
this post | permalink
Still true!

https://www.theguardian.com/tv-and-radio/2018/oct/03/you-rang-mlord-the-90s-british-sitcom-and-its-unlikely-hungarian-super-fans
this post | permalink
@fay59 "stop saying spatial safety and temporal safety! Use bounds safety and lifetime safety!" - may I ask why?
this post | permalink