Self-Signed Certificates and Key Ceremonies

I have locally made a Root CA certificate. I used the CA cert to sign the IA cert and used the IA cert to sign the server certificate. When I try to access the local server which uses the server


@security.stackexchange.com | 1 year ago

How can I explain SQL injection without technical jargon? (2012)

I need to explain SQL injection to someone without technical training or experience. Can you suggest any approaches that have worked well?


@security.stackexchange.com | 1 year ago

Could logless VPNs be traced?

Logless VPNs, such as ExpressVPN, claim that they can't tell authorities your real IP even if asked. They claim: No connection logs. Never logs connection timestamps, session duration, your so...


@security.stackexchange.com | 1 year ago

What to search for in open source code to be sure there isn't malicious code?

I realize the answers will be language specific, but I am curious what terms you would look for when checking something out on GitHub? I was looking for a remote administration tool that I could us...


@security.stackexchange.com | 1 year ago

Why are certificates limited in time?

If a certificate has a limited duration of, say 5 years, but it gets somehow compromised after 2 years, waiting the 3 remaining years for it to get invalid is not a real solution to the breach prob...


@security.stackexchange.com | 1 year ago

How did this PayPal spoof email pass SPF, DKIM and DMARC

This mail that got through has me stumped. It appeared to me as being from PayPal <unclaimedproperty@paypal.com> in my Inbox. I happened to look at the original and it says SPF, DKIM and DM...


@security.stackexchange.com | 2 years ago

SSH Agent forwarding without security issues

With password authentication you're basically giving your password to the attacker. At least that is my understanding. What about public key authentication? I hear that a private key never leaves y...


@security.stackexchange.com | 2 years ago

Does using view page source on a possibly malicious site carry any real risks?

As far as I know, View page source does not execute any JavaScript, but is that good enough? Could there in theory be any vulnerabilities in the HTML parser or something similar? Have there been ...


@security.stackexchange.com | 2 years ago

Why does this attack check the location of the server?

Recently (just now) the npm package ua-parser-js was found to be hijacked. The hijack installs a crypto miner on preinstall but I noticed the following passage in the preinstall script: IP=$(curl -k


@security.stackexchange.com | 2 years ago

How to extract pre-master keys in wireshark format from any OpenSSL application

Consider an application using OpenSSL which has a bug. A packet capture of the full SSL session is available, as well as a core dump and debugging symbols for the application and libraries. An RSA p...


@security.stackexchange.com | 2 years ago

Have I properly destroyed my SSD?

I held every chip (without desoldering, they were still onboard) in a lighter flame for a minute or two. They started "popping" a little if that indicates anything. Then I drove a nail i...


@security.stackexchange.com | 2 years ago

How is it possible for boss to know I am finding a job?

Today, when my boss was talking with me, he suddenly said: No, you don't need to worry about it, every day you have 3 or 4 messages with agents on LinkedIn, right? I am very, very surprised, because: I wo...


@security.stackexchange.com | 2 years ago

Why is SMS used as a way of verifying a user's mobile, when it is not encrypted?

I did some research about how secure and private SMS messages are. Providers and governments can see these SMS messages in plaintext, but what is weird is that these messages are not encrypted in t...


@security.stackexchange.com | 2 years ago

When does 'something you have' NOT become 'something you know'?

I am currently trying to get an understanding of multi factor authentication. The biggest issue so far: When does "something you have" NOT get reduced to "something you know"? I...


@security.stackexchange.com | 2 years ago

When could 256 bit encryption be brute forced?

Assuming quantum computing continues to improve and continues to perform like this: "... quantum computer completes 2.5-billion-year task in minutes", is it reasonable to expect that 256 bit encrypt...


@security.stackexchange.com | 2 years ago

White hat – Could bug bounty hunting accidentally cause real damage?

If an application's code contains even minor and subtle inaccuracies, it can open up the entire database to SQL injection. In this example (see section 'Delete All Method'), the entire Users table ...


@security.stackexchange.com | 3 years ago

How did Firefox get my passwords from Chrome?

I just installed Firefox browser, while I have previously used Google Chrome as my main browser. I am using Windows 10. During the installation and setup process for Firefox, I was given the option...


@security.stackexchange.com | 3 years ago

The risks of having an unsecured API, if there's no sensitive data?

I understand that the answer is probably that ideally, I would just have a secured api, but I want to understand the threats that exist as well as the defenses. And all of the articles I've read fo...


@security.stackexchange.com | 3 years ago

What else can be used instead of an API Key as is implied by OWASP?

I was reading the OWASP Cheat Sheet Series, specifically their cheat sheet for REST Security and one of the points they had under the section for API Keys was: Do not rely exclusively on API keys to


@security.stackexchange.com | 3 years ago

Why pay $1657 for a $27 USB stick?

The expensive one: https://www.dustinhome.se/product/5010873750/ironkey-basic-s1000 The cheap one: https://www.dustinhome.se/product/5010887912/datatraveler-100-g3 Over 14,000 SEK difference in pri...


@security.stackexchange.com | 3 years ago

Why use entropy at all in considering password strength?

I don’t understand the password vs. passphrase analyses that I read. Let me explain. Here is a pass phrase. It has 5 words using only lower case (I’m ignoring randomness for this purpose): friend ...


@security.stackexchange.com | 3 years ago

Could I make the results of a yes/no vote inaccessible unless it's unanimous

A family of N people (where N >= 3) are members of a cult. A suggestion is floated anonymously among them to leave the cult. If, in fact, every single person secretly harbors the desire to leave...


@security.stackexchange.com | 3 years ago

Why is the use of TAB (%09) characters in the middle of a 'JavaScript:' URL valid?

Some context: I was assigned on a pentest and found an application that let me place my own links in an a tag's href attribute. As expected, all strange values like javascript: were correctly filte...


@security.stackexchange.com | 3 years ago

Password is visible in online sign up form

I am about to sign up for an online school, which is an accredited statewide online school, and notice that the password they want me to enter is fully visible on the form. Should I be concerned about


@security.stackexchange.com | 3 years ago

Keybase's chat in the app was never verifiably end-to-end encrypted

The premise of end-to-end encryption (E2EE) is that the client is secure and trustworthy, your end device is secure and trustworthy, but the network and server need not be trusted. You've read all...


@security.stackexchange.com | 4 years ago

Why can't I just let customers connect directly to my database?

I'm pretty sure this is a stupid idea but I'd like to know why, so bear with me for a moment. Lots of the work backend developers do is providing CRUD access to customers via HTTP, essentially mapp...


@security.stackexchange.com | 4 years ago

Is SQL injection still a bad thing if the user is restricted to

Suppose I have a very simple PHP application that acts as a front-end for an SQL database. The user enters their query into a box, and the app shows the query results in a table. To prevent a use...


@security.stackexchange.com | 4 years ago

Gmail shows my photo after I enter my email address (but before my password)

If I have a profile photo associated with a Google account, then when I enter my email address into GMail, but before I enter my password, the photo is shown. Is there a possible security breach t...


@security.stackexchange.com | 4 years ago

Is it bad practice to use your real name online?

On some accounts I use my real name on-line (Google+/Facebook/Wikipedia/personal blog), others (Q&A/Gaming) I use an alias. My question is: Security and privacy wise, what can people do with m...


@security.stackexchange.com | 4 years ago

How to act during an ongoing ransomware attack

You boot up your computer one day and while using it you notice that your drive is unusually busy. You check the System Monitor and notice that an unknown process is using the CPU and both reading ...


@security.stackexchange.com | 4 years ago

How am I ever going to be able to “vet” 120k lines of code not written by me?

I depend on PHP CLI for all kinds of personal and (hopefully, soon) professional/mission-critical "business logic". (This could be any other language and the exact same problem would still stand; I'm


@security.stackexchange.com | 4 years ago

How to explain to traditional people why they should upgrade their WinXP device?

This is an issue I'm recurringly facing: older people from my family (or people who my family members know) can be surprisingly reluctant to apply most basic security measures when they're using th...


@security.stackexchange.com | 4 years ago

What to do if caught in a physical pentest?

I've seen a lot of people talk about how to pentest and how NOT to get caught during engagements but have a hard time finding "How to behave when caught during a Red Team engagement". Red Teams ar...


@security.stackexchange.com | 4 years ago

Is exploit-free software possible?

I have heard that there will always be vulnerabilities in code and software. However, I don't understand why it is not possible to have exploit-free software. If companies keep updating their soft...


@security.stackexchange.com | 4 years ago

Why can I log in to my Facebook account with a misspelled email/password?

I've been playing around with different login forms online lately to see how they work. One of them was the Facebook login form. When I logged out of my account my email and password were autocompl...


@security.stackexchange.com | 4 years ago

Is Plaid secure and safe to use?

I recently signed up for Privacy.com, which uses a service called Plaid to link a bank account. To do this, it requires the user to provide their banking username and password to a webpage from Pl...


@security.stackexchange.com | 4 years ago

Why is Sojdlg123aljg a common password?

I was going through the list of top 100K passwords and found Sojdlg123aljg near the top of the list. Does anyone have any idea why this is such a common password?


@security.stackexchange.com | 4 years ago

Can ads on a page read my password?

Disclaimer: I have minimal web-dev/security knowledge so please answer as if talking to a "layman." I've heard that web-advertisements need to be able to run their own JavaScript so that they can ...


@security.stackexchange.com | 4 years ago

Why does SQL injection still exist?

I'm no techie and would like your expertise in understanding this. I recently read a detailed article on SQLi for a research paper. It strikes me as odd. Why do so many data breaches still happen


@security.stackexchange.com | 4 years ago

Can someone read my Email if I lose ownership of my domain?

Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sendin...


@security.stackexchange.com | 4 years ago

Risk of throwing a wad of paper with password on it in the bin?

Consider the following scenario in an enterprise environment, with desks and computers. By accident I throw a wad of paper with a password on it in the bin. It was meant to be a pre-shared password to


@security.stackexchange.com | 4 years ago

How do I ensure that users don't write down their passwords?

I have a password policy which states that users must not write and store their passwords down in plaintext. How can I ensure that they haven't done so by writing their password in emails, scripts,


@security.stackexchange.com | 4 years ago

How to prevent XSS through user-uploaded SVG files?

Currently assessing an application, I found out that it is possible to submit an SVG file containing JavaScript (the app is also vulnerable to XXE). I wondered if there was a method to prevent those


@security.stackexchange.com | 4 years ago

Is having a hidden directory under /etc. safe?

On Debian 9, installing default-jre creates a hidden directory /etc/.java. This is flagged as a warning while I run rkhunter. Looking up online, I found an old bug report against Debian. The bug was


@security.stackexchange.com | 4 years ago

Is a password in the clipboard vulnerable to attacks?

I see situations where you may have to input the same password more than once. You may type it in a text editor and copy it to clipboard, to paste it two or more times. In what scenarios this coul...


@security.stackexchange.com | 5 years ago