infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

This follow-up to CVE-2024-57882 by Solar Designer also worth reading:

https://seclists.org/oss-sec/2025/q2/3

"A reason CVE-2024-57882 may have stayed unpatched in a distro is it could have been wrongly believed to be a NULL pointer dereference only due to a specific crash reported by Syzbot."

"net.mptcp.enabled can be set from inside an unprivileged net namespace"
this post | permalink
"bribing a senator with a 9-letter name will alter the last letter in their name on their subsequent appearances"

https://banyaszvonat.github.io/breaking-videogames/2025/03/30/off-by-one-or-is-it-two.html

#gamehacking #Disgaea
this post | permalink
@GossiTheDog @cisakevtracker Thanks for the heads up! I'm quite skeptical though given the previous FUD reports, can't wait to see more info about any observed attacks!
this post | permalink
@kajer @256 This is also a good time to remember the USB Cart of Death: https://devblogs.microsoft.com/oldnewthing/20240521-00/?p=109786
this post | permalink
@kajer @256 Good one! .HLP was also a vector for a long time, pretty sure there was some parser bug in the thumbnailer, *gestures wildly* Internet Explorer...
this post | permalink
@kajer @256 I'm like 3 minutes in, and I remember at least 3 remotely exploitable vulnerabilities in the presented features, fun times!
this post | permalink
@cR0w @wdormann I mean it's the logical next step if you want to pretend you can solve an unsolvable problem.
this post | permalink
@cR0w @wdormann Probably? Gmail definitely does that. Zero-click attack surface ftw!
this post | permalink
Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol

https://seclists.org/oss-sec/2025/q2/0

"The analyze(sic!) of the patch (https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cbb26f7d8451fe56ccac802c6db48d16240feebd) reveals that the root cause of the bug has been partially fixed."
this post | permalink
@wdormann @cR0w Reminds me of: https://project-zero.issues.chromium.org/issues/42452353#comment2
this post | permalink
Next Page