udunadan

joined 1 year ago
MODERATOR OF
exploitdev
sorted by: new top controversial old
1
No More Speculation: Exploiting CPU Side-Channels for Real (bughunters.google.com)
1
Diving into Windows Remote Access Service for Pre-Auth Bugs (www.blackhat.com)
submitted 1 year ago* (last edited 1 year ago) by udunadan@infosec.pub to c/exploitdev@infosec.pub
0 comments fedilink
1
iOS 17: New Version, New Acronyms (www.df-f.com)
1
You have become the very thing you swore to destroy: Remotely exploiting an Antivirus engine (cfp.recon.cx)
1
Use Native Pointer of Function to Bypass The Latest Chrome v8 Sandbox (medium.com)
1
In-depth Analysis of the CVE-2023-29300 Adobe ColdFusion Serialization Vulnerability (github.com)
1
[Chrome] CVE-2023-2033 (github.com)
1
Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers (www.zerodayinitiative.com)
1
An Introduction to Exploit Reliability (blog.isosceles.com)
1
MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis (securityintelligence.com)
1
Summary: MTE As Implemented (googleprojectzero.blogspot.com)
1
All known API based kernel address leaks on Windows no longer work (twitter.com)
submitted 1 year ago* (last edited 1 year ago) by udunadan@infosec.pub to c/exploitdev@infosec.pub
0 comments fedilink
Lemmy Security Vulnerability: XSS In the Wild in c/infosecpub@infosec.pub
Reddit Refugees on Lemmy, how are you guys liking lemmy so far? in c/asklemmy@lemmy.ml
[–] udunadan@infosec.pub 6 points 1 year ago

The content is really bounded by tech stuff, but I guess that's due to migration being important for tech-savvy users. It is true that appending "reddit" to search queries and following the results is still inevitable (but hey, libreddit and teddit still work). But vibe is completely different, very organic, very active, I like it a lot. I think there is a lot of potential in this feeling of authentic communication. Let's hope it grows.

Lemmy is much better replacement for Reddit than Mastodon is for Twitter.

Lemmy Security Vulnerability: XSS In the Wild in c/infosecpub@infosec.pub
This is Fine: Optimism & Emergency in the P2P Network in c/infosecpub@infosec.pub
[–] udunadan@infosec.pub 5 points 1 year ago* (last edited 1 year ago) (1 children)

Well, the malicious actors can setup their own instances as well and exploit the inherent trust between the participants by design. P2P sold as security property in the scenario where participants are unknown and multiple in numbers is misconception. It does not square well with basic security mindfulness, and shouldn't be taken as improvement in that regard.

I think that federation and all this stuff is not about improving security, it is a form of grassroots communication based on certain principles. If you need security, you use other tools, and treat these things as public, hostile spaces.

Threadiversal Travel - A guide for Lemmy, Kbin and general Reddit off-ramping in c/infosecpub@infosec.pub
[–] udunadan@infosec.pub 5 points 1 year ago (1 children)

Such guides should probably warn that instances run by volunteers do not have dedicated security teams and that OPSEC has to be adjusted accordingly. Not that centralized services are essentially safer (they are juicier targets), but nevertheless it is still important to remember.

Apologies for the problems in c/infosecpub@infosec.pub
[–] udunadan@infosec.pub 4 points 1 year ago

Thanks, Jerry!

trouble commenting on any federated thread in c/infosecpub@infosec.pub
[–] udunadan@infosec.pub 1 points 1 year ago

Same same.

Reddit hackers threaten to leak data. in c/securitynews@infosec.pub
[–] udunadan@infosec.pub 3 points 1 year ago

It's a spam, appeared in /c/exploitdev as well.

Security & privacy on this instance / lemmy as a whole? in c/infosecpub@infosec.pub
[–] udunadan@infosec.pub 1 points 1 year ago

Use Signal, use Tor, as they say.

view more: next ›