infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

Are there technological reasons to believe that "AI" and quantum compuing will "merge" somehow, or do ppl only say this because both things sound sci-fi-ish?
this post | permalink
@da_667 TIL: https://wiki.php.net/rfc/deprecate_php_short_tags
this post | permalink
@FuzzyAleks That one caught my eye, can't wait to get to it! :)
this post | permalink

Interesting report on threat actor using XSS to phish Group-IB employess (via @simontsui) :

https://www.group-ib.com/blog/resumelooters/

At first glance these appear to be stored XSS attacks, so not relevant to xss-reflections.

this post | permalink
@rysiek @nazgul @drwhax More like NSA products are not commercial...
this post | permalink
Case in point: I just reviewed a report where the author apparently used an LLM to decode base64. The result has nothing to do with the input, but it's pretty easy to find its sources on StackOverflow.

The person has several years of experience and a decent CV too, currently working in a senior position.

RE: https://infosec.place/objects/21ef69ce-b684-4e85-af5d-9c8729f3aeca
this post | permalink
@tmr232 @joxean @panther_modern This reminds me of PHP LFI payloads that survived (or appeared as a result of) re-encoding :)
this post | permalink
@joxean @panther_modern Polyglots are of a greater concern when it comes to malware distribution I think, and thinking about it, I'm a bit surprised that bigger instances are not on blacklists already because of this...
this post | permalink
[b1ack0wl @ X] RT by @b1ack0wl: Want to do vuln research in MikroTik routers? My jailbreak scrript gets you root on all RouterOS 6.x and 7.x, including the latest 7.14beta9

https://github.com/pedrib/PoC/blob/master/tools/mikrotik_jailbreak.py
this post | permalink
In case anyone wonders how the Spoutible shitshow could happen, I'm pretty sure the answer involves "the framework".

Nobody is willing (or should) carve out records from a DB by hand these days, ORM's do that boring work for us. It also makes sense to just return a User object (magically serialized to JSON) when someone requests user information. But since the DB record corresponding to the User object also includes all kinds of sensitive data...

Of course, this also means, that no one - not even the developers - cared to glance at the HTTP traffic generated by the API. They definitely should have, but today's webdev happens at way higher abstraction levels, and this is part of the price we pay for the convenience.

https://www.troyhunt.com/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data/
this post | permalink
Next Page