infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

Today's star of the show seems to be Citrix...

https://www.cve.org/CVERecord?id=CVE-2025-7775
https://www.cve.org/CVERecord?id=CVE-2025-7776

/ht @cR0w

RE: https://infosec.place/objects/f89c1f12-08ad-4b8d-9a6e-33f954fbeb77
this post | permalink
@davidgerard ICYMI: https://eprint.iacr.org/2025/1237.pdf
this post | permalink
@meluzzy You are not wrong, it's just static linking is preferred in a lot of deployment cases. On Windows specifically, DLL Hell remains a thing, although now side-by-side assemblies aim to solve that issue (in a pretty convoluted way IMO). I think to some extent handling bugs arising from different library versions on different Linux distros is even worse - IIRC that's a reason why Go (used on a bazillion servers of Google) links statically by default. Also, for ad-hoc tasks like debugging it's much better to drop a single-file util that just works than mess with the configuration of the system through the package manager/winstaller.

There are surely more pro-con arguments, the point is that we have different ways for linking because use-cases differ, and both methods have their place.
this post | permalink
@raptor Please contribute to https://github.com/v-p-b/codeql-cheat-sheet if you can ;)
this post | permalink
@windsheep @raptor "CodeQL CLI users can enable this feature starting with version 2.21.4 by using the build-mode: none flag" As I understand the feature is also available for on-prem stuff (this won't help if you want to scan your private stuff on GH ofc)
this post | permalink
[RSS] postMessaged and Compromised

https://msrc.microsoft.com/blog/2025/08/postmessaged-and-compromised/

"a deep dive into the risks of misconfigured postMessage handlers""
this post | permalink
Google publishes security research on #GitHub, but instead of commiting to a repository they issue Security Advisories for a somewhat random repo:

https://github.com/google/security-research/security

Is there a way to clone this data as a #Git repository (from a service named after the aforementioned SCM system)?
this post | permalink
[RSS] When CTF Meets Bug Bounty: A Critical UXSS in Opera Browser

https://medium.com/@renwa/when-ctf-meets-bug-bounty-a-critical-uxss-in-opera-browser-ee16f389e555?source=rss-3f8ae70e3957------2
this post | permalink
[RSS] SQLite: Integer truncation in findOrCreateAggInfoColumn

https://github.com/google/security-research/security/advisories/GHSA-qj7j-3jp8-8ccv

CVE-2025-6965
this post | permalink
I should write a summarizer for @talosvulns...

Until then, it's worth to check out the latest image parser bugs:

https://talosintelligence.com/vulnerability_reports/
this post | permalink
Next Page