infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@wdormann
this post | permalink
XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115)

https://www.openwall.com/lists/oss-security/2025/04/03/1

"Our belief is that it's highly impractical to exploit on 64-bit systems
where xz was built with PIE (=> ASLR), but that on 32-bit systems,
especially without PIE, it may be doable."
this post | permalink
@da_667 @Viss @cR0w @mttaggart I don't remember UPX unpacker vulns in FE specifically, but this old P0 post is still a fun read:

https://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html

Edit: it seems they needed a (rather trivial) privesc in case of FE, so give credit where it's due ;)

https://project-zero.issues.chromium.org/issues/42452189
this post | permalink
@Viss @da_667 @cR0w @mttaggart FTR it was Felix Wilhelm (who then went to big G) and these seem to be the slides:

https://ernw.de/download/ERNW_44CON_PlayingWithFire_signed.pdf
this post | permalink
@mttaggart @cR0w I don't want unicorns, I just would like to see that shitty security QA has consequences on the market, regardless of technology.
this post | permalink
The Exploit Development Life Cycle: From Concept to Compromise /by @chompie1337

https://www.youtube.com/watch?v=ce0bXORSMX4
this post | permalink
@cR0w How can this company still exist?
this post | permalink
@swapgs well this is my code so :D
this post | permalink
New from Igorrr!

https://igorrr.bandcamp.com/track/adhd
this post | permalink
[RSS] Finding an Unauthenticated RCE nday in Zendto, patched quietly in 2021. Lots of vulnerable instances exposed to the internet.

https://projectblack.io/blog/zendto-nday-vulnerabilities/

#NoCVE
this post | permalink
Next Page