infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@fenix Could you summarize this in English? Is there active exploitation?
[Alex Plaskett @ X] RT by @alexjplaskett: What kind of guarantees can our tooling & processes really provide about the security of our software systems? Here are 9 *fundamental* challenges that are routinely exploited to attack a system despite credible assurances about its security.

https://arxiv.org/abs/2402.01944
Elevate & Conquer: A Journey Into Kernel Exploitation - Tijme Gommers

#ivanti

https://www.youtube.com/watch?v=hmYK5yoR6UI
[RSS] Running UNIX On A Nintendo Entertainment System

https://hackaday.com/2024/02/11/running-unix-on-a-nintendo-entertainment-system/
[RSS] On the virtues of the trailing comma

https://devblogs.microsoft.com/oldnewthing/20240209-00/?p=109379
[Alisa Shevchenko @ X] RT by @alisaesage: Full chain analysis for CVE-2022-4262 to commemorate my time spent on this non-trivial type confusion! Shoutout to @mistymntncop for his crafted artful exploit and discussion with me! And shoutout to @_clem1, @5aelo, @alisaesage for their prior work :)

Type confusion in V8 in Google Chrome prior to 108.0.5359.94

https://github.com/bjrjk/CVE-2022-4262/
[frycos @ X] RT by @frycos: RIP BinaryFormatter in .NET 9. Barry's finally getting his wish 😂. For as much as I joke about it, the removal from the runtime truly is for a good cause.

https://github.com/dotnet/runtime/issues/98245
[dmnk@infosec.exchange @ X] RT by @domenuk: Fuzzing is hard, evaluating fuzzing is harder 🔥 For our new @IIEEESSP paper, we studied 150 fuzzing evals and found issues such as lackluster documentation, bad experiment setups, or questionable CVEs

https://mschloegel.me/paper/schloegel2024sokfuzzevals.pdf
Some initial observations about #Bluesky:
+ They have RSS, no regwall
+ Feeds are nice compromise between chronological/algorithmic timelines
- Low infosec traffic (mostly tsunamis from pwnallthethings :))
- Rich text handling is an #interop burden IMO
Now that #Bluesky is open I created an account there. I still plan to be mostly active on #Fedi, but I created an RSS-based cross-poster:

https://github.com/v-p-b/rss2bsky.py

#interop