infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts as a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@inthehands "Safely rewriting that code would take years" is a massive understatement from Wired too.
ReactOS 0.4.15 Released

https://reactos.org/project-news/reactos-0415-released/

"Now, kernel access checks are fully functional and prevent unauthorized access to system objects. As a result, the Windows kernel now works with the vast majority of modules from ReactOS."
use-after-free (maybe?) in libspf2 /by @hanno

https://www.openwall.com/lists/oss-security/2025/03/28/1

Maybe @thezdi could shed some light on CVE-2023-42118 ?
Rivers of Nihil featured in the CMS Live stream :D

https://www.youtube.com/watch?v=r7IoAtt8r24

#metal
The IP-law debate around #LLM's reminded me of this old joke:

A cute little girl walks up to the ice cream stand:
- Hello, how much is an empty cone?
- Oh, I can give you that for free - smiles the shop owner
- OK, then I'd like to have 5000 of them!
[RSS] CrushFTP Authentication Bypass: Indicators of Compromise

https://www.horizon3.ai/attack-research/crushftp-authentication-bypass-indicators-of-compromise/

CVE-2025-2825
[RSS] MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities

https://www.thezdi.com/blog/2025/3/20/mindshare-using-binary-ninja-api-to-detect-potential-use-after-free-vulnerabilities
[RSS] The Evolution of Dirty COW (1)

https://u1f383.github.io/linux/2025/03/27/the-evolution-of-COW-1.html
After its legendary curator passed away a few years ago, the reel-to-reel museum reopened in Keszthely:

https://www.youtube.com/watch?v=rySEk-eXFaY

#Hungary
@stf The more I work in security the more I feel like being part of a large scheduling algorithm: we discover some information, associate some risk, then people will end up working on some specific stuff. If we cause priority inversion, starvation, etc. then we are a bad scheduler.

In this case:
- The original recommendation ("uninstall it!") turned out to be totally unsubstantiated, we can by all means call it misinformation
- Secrecy about details added to the fear and also *actively misdirected efforts* both at level of security teams and at devs/researchers (see the confusion about #330 & people looking at new commits to find backdoors)

Since no significant new attack surface/vector was presented I don't even think the code will get that much scrutiny as exploitability is pretty low (local with user interaction).

In the end, the cost-benefit analysis looks really bad to me.