Posts
2962
Following
697
Followers
1542
"I'm interested in all kinds of astronomy."
buherator

buherator

Edited 7 months ago
#shitpost
0
0
2
buherator

buherator

Reply to
@cR0w Custom services get CVE's now?
0
0
1
buherator
repeated
wikipedia@wikis.world

Wikipedia

While we wait, here's a quick look at the web traffic currently hitting Wikimedia projects — can you perhaps guess when the reports of white smoke from the Vatican first started?

3
6
0
buherator
repeated
adafruit@mastodon.cloud

adafruit

Tariffs just got real: our first $36K bill with 125% + 20% + 25% markup hits hard 💸. These are upfront costs - due before selling a single unit - causing serious cash flow strain, price increases, read more! 📦 http://adafruit.com/tariffbill

7
25
0
buherator

buherator

Reply to @jerry@infosec.exchange
@jerry CDN's could come up with some clever compression/caching algorithm they could turn on every couple of decades!
0
0
0
buherator
repeated
openrightsgroup@social.openrightsgroup.org

Open Rights Group

Edited 7 months ago

Wikipedia @wikimediauk are going to court over the UK Online Safety Act!

Saddling platforms with hefty duties and penalties under the new regime will cause many safe sites to fold.

We can't lose the best of the web due to laws that were meant to tackle the worst of it.

https://www.bbc.co.uk/news/articles/c62j2gr8866o

1
11
0
buherator

buherator

Reply to @greg@infosec.exchange
@greg @algernon Thanks that's another data point then! I also remember having fun, and also being highly impressed by what one of the Markov-based tools could produce. In fact, I remember our reactions were really similar to those of early articles about ChatGPT (e.g. "it's arguing with me about X and making kind of good points").
0
0
2
buherator

buherator

This post by @algernon is a surprising confirmation of one of my theories about why many of "us" aren't really impressed by #LLM's:

https://chronicles.mad-scientist.club/tales/conversations-with-an-artificial-intelligence/

Thing is, we've seen this before, played with it, found its limits and got bored. Of course LLM's provide much better results, but I still don't think the underlying principle is that much different.

Same with shitcoins: we designed a proof-of-work system as teenagers for password cracking, so the principle is not magical to us and this goes against the marketing.
2
3
5
buherator
repeated
PTP@infosec.exchange

Pen Test Partners

Microsoft Copilot for SharePoint just made recon a whole lot easier. 🚨
 
One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...
 
It opened the door to credentials, internal docs, and more.
 
All without triggering access logs or alerts.
 
Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.
 
That’s a problem.
 
Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.
 
📌Read it here: https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

5
15
0
buherator
repeated
linkersec@infosec.exchange

Linux Kernel Security

CVE-2025-21756: Attack of the Vsock

Michael Hoefler published an article about exploiting an incorrect reference counter decrement causing a UAF in the vsock subsystem.

With advice from h0mbre, the researcher used brute force to bypass KASLR and hijacked the control flow for LPE.

https://hoefler.dev/articles/vsock.html

0
7
0
buherator

buherator

Reply to @raptor@infosec.exchange
@raptor @tychotithonus
0
1
2
buherator
repeated
tychotithonus@infosec.exchange

Royce Williams

Edited 7 months ago

Really hoping that the title of the W3C's position paper "Third-Party Cookies Must Be Removed":

https://w3c.social/@w3c/114432468864338537

... is a deliberate echo of "Carthage must be destroyed":

https://en.wikipedia.org/wiki/Carthago_delenda_est

2
2
0
buherator

buherator

Reply to @freddy@security.plumbing
@freddy I'm in Room 101
0
0
2
buherator

buherator

Reply to
@somebody You do you!
0
0
0
buherator

buherator

Reply to @somebody@tech.lgbt
@somebody yeah SQLi's suck, but timestamps show he at least invented time travel in the process :P
0
0
2
buherator
repeated
filippo@abyssdomain.expert

Filippo Valsorda

Edited 7 months ago

The AWS team published a key-committing variant (https://eprint.iacr.org/2025/758.pdf) of XAES (https://words.filippo.io/xaes-256-gcm/)!

Still FIPS-compliant, and with a proof.

Key commitment ensures the ciphertext can only be decrypted with one key, to avoid issues in higher-level protocols.

1
1
0
buherator
repeated
robchapman@ohai.social

ℛ𝑜𝒷

“Anonymous has decided to enforce the Judge's order since you and your sycophant staff ignore lawful orders that go against your fascist plans,”

GlobalX, Airline for Turnip’s Deportations, Hacked

https://www.404media.co/globalx-airline-for-trumps-deportations-hacked/

0
2
0
buherator
repeated
Insinuator@infosec.exchange

Insinuator

New post: Disclosure: Input Validation Vulnerabilities in Microsoft Bookings https://insinuator.net/2025/05/disclosure-input-validation-vulnerabilities-in-microsoft-bookings/

0
2
0
buherator

buherator

Reply to @naught101@mastodon.social
@naught101 @i0null The whole submarine industry must be in shock from this crazy new development.
0
0
4
buherator
repeated
shitsecure@bird.makeup

S3cur3Th1sSh1t

Blogpost from my colleague about what’s still possible with recently published COM/DCOM toolings, Cross Session Activation and Kerberos relaying 🔥

https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html

0
5
0
Show older
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.