security.didici.cc

Android application penetration testing prerequisites

2 hours ago

i want to get started in android application penetration testing, do i need to know any android development or java? and what the the things i should know before reading books and watching sessions in this topic?

encryption using openssl with custom rsa keys

3 hours ago

I made the following file asn1=SEQUENCE:rsa_k
ey [rsa_key] version=INTEGER:0 modulus=INTEGER:187 pubExp=INTEGER:7 privExp=INTEGER:23 p=INTEGER:17 q=INTEGER:11 e1=INTEGER:7 e2=INTEGER:3 coeff=INTEGER:14 this th ...

Secure Ids in Browser

3 hours ago

We (Every web app) frequently need to send ids to client side. How can we protect data (especially ids). Even if we encrypt using same key every time, it can be identified by analysis. For example. If I encrypt id "1" to let's say "ae!" (using any algo ...

How to block all outgoing connections from Visual Studio 2017?

7 hours ago

I added an outbound block rule on any ip/port for devenv.exe, But I'm still able to fetch files through visual studio. What might be the problem here?

Salt-encoding exception on Keepass2 DB hashes with long passwords

7 hours ago

I'm using HarmJ0y's python port for keepass2john With a short password like asdf for example, the port creates an 'initializationVecto
rs' of length 24, and hashcat accepts that without issue. But, with some arbitrary longer password 0f3f694cd1c2685
c46 ...

Session labeling with snort

10 hours ago

Is there any way to know that a session contains a certain signature in snort? alert tcp any any -> any any (msg:"facebook"
;pcre:"/facebook.com
/i";sid:10001;rev:1;
) The above code alerts when a packet contains 'facebook.com'. But i want to alert if any pa ...

What are the impacts of skipping the hostname verification during the handshake? [duplicate]

10 hours ago

This question already has an answer here: SSL verification of host name of https server 3 answers What are the possible impacts of not checking the host ...

Did Freedom System 2.0 used to provide privacy and pseudonimity via onion routing

10 hours ago

As I have been reading a paper known as "Freedom System 2.0 Architecture" where a user's IP traffic is being transfered between a path of Freedom Server Nodes before reaching to its end destination. It is an obsolete system from millenium's beggining but ...

Xmas Scan Versus FIN Scan

11 hours ago

While studying NMAP, I came across different port scans out of these XMAS and FIN scan caught my interest. Though XMAS scan sends FIN, URG and RST flags yet the response is same as that of a FIN scan which only sends a FIN packet. How to decide when to us ...

Running a site on php Development Server without internet Access

11 hours ago

I need to run a php site on kali without internet access to test some vulnerabilities on a local network so that other machines can access it similar to this question. The problem is there is no httpd.conf here in kali. I am running php Development server ...

Random read access in mode of operations

13 hours ago

Is the random read access a positive or negative trait in terms of security? Does this mean that an attacker who is trying to decrypt some data or block of data, will be able to decrypt randomly any block he/she wants if random read access is supported in ...

Number to words converter

13 hours ago

Is there any library for Javascript and Java to convert numbers to words? Example: number2W
ord(1) //returns "one" number2Wo
rd(106) //returns "one hundred six" I found some libraries, but they are not fully multi language support. They support only 8-10 ...

Using airolib-ng with crunch and then using the file using aircrack-ng gives unexpected result

15 hours ago

I'm using Kali Linux - Kali GNU/Linux Rolling 64-bit. on an Intel i3 64 bit Machine. I'm using airlib-ng and crunch to generate password Database and use that Password Database in aircrack-ng to crack the Captured Handshake of a WPA2 Wireless Network. ...

possible scamware

17 hours ago

I have seen a few reports on a download problem that involves a "mapuser?providerid=
" notice as being a file proposed for down load from a server called "usync.nexage.com&qu
ot; It seems to me that whoever oversees this message forum is being flip and ignori ...

Accidently opened a phishing email, is my computer infected by malware?

19 hours ago

I was looking through my unread emails when I accidently opened a Paypal phishing one. I thought it was legit because I saw in the preview it was from "[email protected]
.com", but I got some doubt after noticing the email was full of grammar mistakes an ...

Google's Certificate Fingerprint doesn't match with the Fingerprints in the Chrome's "net-internals" configurations

19 hours ago

As you may know, you can query chrome's HSTS/PKP sets for a domain in the page chrome://net-internals as below: As you see above, there are four SHA256 hash values (in the middle of page and in base64 format) for www.google.com. If we convert those va ...

Authenticate against third party with OTP

22 hours ago

First of all I want to mention, that I absolutely do NOT want to implement my own crypto in any way. I was just thinking about this topic and after some research I was not finding a good solution. I hope, that there is a known solution for this problem ...

2 IP address ( on lan ) from 1 Nic of Linux

1 day ago

I came across a very weird problem recently. Apparently, I have been getting 2 IP addresses from the same Linux machine connected to the router ( as visible on the router page ). First, I thought that something is wrong with my router and so I tried it on ...

2 IP address (on LAN) from 1 NIC on Linux

1 day ago

I came across a very weird problem recently. Apparently, I have been getting 2 IP addresses from the same Linux machine connected to the router ( as visible on the router page ). First, I thought that something is wrong with my router and so I tr ...

What are the EFAIL "backchannels in email clients not related to HTML"?

1 day ago

The published examples for exploiting the EFAIL email encryption vulnerability all appear to use HTML to create a backchannel for exfiltrating decrypted data. However, the homepage of EFAIL, https://efail.de/ , claims: Short term: Disable HTML render ...

Remote host identification is different on different networks

1 day ago

When I ssh to a server - let's call it x.x.x.x - over one network, Network A, I get a message that the remote host identification has changed. If I use one of two other networks, call them Network B and Network C to connect to x.x.x.x, I don't get the me ...

Windows PFX certificate import: protect private key using virtualization-based security?

1 day ago

On Windows 10 v1803 (i.e. April 2018 update) when importing a PFX, an option like [ ] Protect private key using virtualization-based security (non-exportable) appears on the import wizard. What is the underlying technology and it's mechanics from secu ...

There is any face recognition algorithm cannot be fooled ?

1 day ago

I want to implement face recognition test for authentication security in django web frame work using opencv and I knew that it can not be a real time test in django frame work so I take photo with webcam and apply the test on it , but this make it too eas ...

Retreiving Google Chrome passwords

1 day ago

While retrieving Google Chrome passwords on macOS, I've noticed that the passwords all come up as the same thing (something along the lines of): Vi??M!4NNn. How I retreived them was with the following (as a non-admin): cd "users/user/library/
application ...

Is it safe to send Content-Security-Policy header for text/html content-type only?

1 day ago

Is it safe to send Content-Security-Policy for dynamically generated pages with text/html content-type only or do I need to send this header for all files including static assets - images, JS and CSS files?

Vulnerable MS Office Word

1 day ago

I'm a student. In one of my works I need to show how Peach fuzzer finds binary vulnerabilities. I've heard there were vulnerabilities in Microsoft Office Word 2003 SP1 Peach can detect, but I can't find and download this version of MS Office Word. Could y ...

How does gcc compiler guard stack for stack overflow?

1 day ago

When we compile c program with gcc, we have to inlude "-z execstack" option to enable stack overflow attack. The question I want to ask is how does gcc implement this . Without this option, how does gcc guard the stack? Please explain me in detail if pos ...

What privacy violations were made possible by Comcast's recent security breach?

1 day ago

As you may have seen in the news recently, comcast had a security breach wherein they exposed all customers' wifi passwords. What could attackers have potentially done with that info? Could they sniff network traffic? View IP cameras? We all know it's uns ...

How to store nonce and key when working with libsodium secretbox?

1 day ago

Why am I asking? I am very new to cryptography (so please be patient with me...) and I want to avoid making unnecessary mistakes. I did a lot of research, but - other than with most other programming related questions - I had a hard time finding enough i ...

Call a URL from biometric and respond it to EM lock to open the glass door

1 day ago

We have got the following devices. Biometric eSSL K30 & EM lock TE600L to operate a glass door with our software. Here what we need is to call localhost?uid=4534 when the figure is kept on the biometric device and when the url return the value 1, the EM l ...

Is generating a random salt for every password-hash but not saving the salt good/bad?

1 day ago

I read this related article: Hashed pw storage with random salt which is kind of related to my question, but in the question and in the answers as well they mention to store the random salt used to hash the password in the database. Now I'm using bcrypt ...

what are the loop holes in ssh tunneling?

1 day ago

I am working on react web app build on my local pc at port: 443 and I want to make it accessible via internet for testing purpose. One solution that I came across was ssh remote port forwarding as mentioned in this article. My institute has one server tha ...

Is it safe to log into crypto exchange account using coworking space or coffee shop wifi network?

1 day ago

I day trade cryptocurrency and want to start using coworking spaces for faster internet access. 1.a. Is it safe to log into my exchange account using the coworking space network? 1.b. What questions should I ask them about their network's security [to ...

Best way to secure Telegram Token in program?

1 day ago

My program (written in C++) utilizes a telegram bot for sending me status messages. For being able to do that it needs the bot token (a simple string), something which I prefer to keep private. This program will not only run on my own computer, but also o ...

Does SSH generate traffic when listening?

1 day ago

Does a service, for example, SSH, generate traffic when only listening (e.g. does it advertise itself in some way) when there is no connection established? I ask as on Android devices for example, we can monitor incoming and outgoing traffic, great - we ...

how does security work in a cloud-to-cloud backup scenario

1 day ago

I'm thinking of using Spinbackup which is a cloud-to-cloud backup of gmail, but I was resistant to the idea of telling Spinbackup my gmail password for obvious reasons. However, on the Spinbackup security page https://spinbackup.com/is
-spinbackup-safe/ it ...

Damage of a leaked ETag

1 day ago

I've read multiple times that leaked ETags from Webservers are considered an information leakage vulnerability. For example in the server response headers: ETag: But I have not found a reason why this is a problem or how this may be abused. Of cours ...

What use does a TPM have for accurate timekeeping?

1 day ago

I stumbled across this image and something immediately stood out to me. This is a photograph of a discrete TPM card. That silver cylinder on the left is a crystal oscillator, used to tell time with very high precision. At first I thought it must be used a ...

Internet Key Exchange(IKE) in IPsec

1 day ago

I got a question. As we all know, IKE will start as 1 peer is initiator and the other is responder. Each SA has a life time. Is there any situation that 2 peers start a request for a new SA( this case, we have two initiator). If such case exists, how coul ...

Internet Key Exchange (IKE) in IPsec

1 day ago

As we all know, IKE will start with one peer as the initiator and the other as the responder. Each SA has a lifetime. Is there any situation that two peers start a request for a new SA (in this case, we have two initiators)? If such a case exists, how wou ...

Safest way to test potentially comprimised site backup file?

1 day ago

My website, along with the VPS and every device in my home was wrecked some months ago. I recovered everything except for the site data, which i spent 100s of hours on in effort to help others with the Social Security Disability application process. The o ...

School Tracking On Rented Chrombooks

1 day ago

At my school you must have a laptop, either you buy one or you rent one from the school. Other articles have told me that they track what we do but none have answered my question on if after you've bought the Chromebook from your school if they still trac ...

School Tracking On Rented Chromebooks [on hold]

1 day ago

At my school you must have a laptop, either you buy one or you rent one from the school. Other articles have told me that they track what we do but none have answered my question on if after you've bought the Chromebook from your school if they still trac ...

School Tracking On Sold Chromebooks [on hold]

1 day ago

At my school you must have a laptop, either you buy one or you rent one from the school. Other articles have told me that they track what we do but none have answered my question on if after you've bought the Chromebook from your school if they still trac ...

how to leave a message in logging out in aws ec2 ssh?

1 day ago

In my ec2 ubuntu instance, I wanted to exit or logout the ssh leaving a message. It will be recorded in /var/log/auth.log so that we would know who's developer went in. I did some research. I tried searching this: https://www.google.com.ph
/search?q=how+t ...

What are my options to store a key which unlocks encrypted data locally on a device?

1 day ago

Think whole-disk encryption. I have a similar situation where I need to encrypt some data on a device (embedded, not PC) but that data needs to be decrypted and used when the device is booted up. The problem is, there is no user interface available and it ...

Is there a way to detect the encoding algorithm of a string?

1 day ago

I need something like hash-identifier tool, but for encoding schemes. Is there a similar tool out there?

Usync.nexage.com clicked cancel, cleared history, still said something was downloading?

2 days ago

I decided to go on eBay to look at some computers when I noticed a download pop up on my screen. I clicked cancel then after that searched what exactly could be found a thread on here about it instantly did everything it said and it still said there was a ...

Is there a standard checksum for verifying multipart key fragments?

2 days ago

We will have a symmetric key arriving in three component parts. Once all parts arrive, the key custodians will get together for a ceremony where each enters their part of the key into a secured system. This system will XOR the parts together to combine ...

decoding symmetric keys

2 days ago

So i been trying to decode this Keys for a class i am in but i got kinda stuck some help would be nice on how i should approach this here is the question below. The decryption key is one of the keys below: TMPnFpA4UZi5TpTsEfKeFJ ...

Information Security Procedur and Related Organizations

2 days ago

Which organization audits the Chief Digital Officer (CDO)? Examples are like SOX, DMCA, GLBA, HIPPA, FISMA...

What network settings to chose for penetration tests from inside a VM?

2 days ago

I would like to set a VM with Virtualbox containing Parrot OS for future penetration testing applications. Therefore, in my opinion, the VM needs access to network interfaces or at least certain ports, ... Which VirtualBox network configuration (or type) ...

Security of emails from ProtonMail to Gmail

2 days ago

I understand that Gmail to Gmail is not very secure. On the other hand, ProtonMail is a very good option with great features. But there is one thing I don't quite understand: Why should I use ProtonMail if the recipient uses Gmail? How is this more secu ...

Backup is corrective control or a preventive control?

2 days ago

This is a theoritical question. There are preventive controls and corrective controls. So, is Backup a corrective control or a preventive control? There are mixed answers and mixed explainations. (CISA EXAM)

Request permission to PenTest on GoDaddy servers

2 days ago

I have recently been asked by a customer to perform a pentest against a web application hosted on a GoDaddy server. Because the server is not physically owned by my customer I'm aware that I need to request permission from GoDaddy in order to proceed. Ot ...

Unicornscan error: Main [Error chld.c:53] am i missing children?, oh well [on hold]

2 days ago

I am receiving the following error while using unicornscan in kali machine (while doing UDP scan). Main [Error chld.c:53] am i missing children?, oh well What am I doing wrong? unicornscan -mU -r200 -I 10.11.1.125:1-65535 -vv

Any reason NOT to set all cookies to use httponly and secure

2 days ago

Assuming a site is using all https all the time (LB redirects port 80 to 443), is there any reason not to force every cookie set by the application to use BOTH secure AND httponly? currently, for example, a PCI scan will only flag the jsessionid as not ...

usync.nexage.com Malware/Hack/Breach?

2 days ago

Related to this question: Is This A Hack/Malware/Breach?? A Download pop up appears on KCRG.com asking to download mapuser?providerid=29472u
serid= From: usync.nexage.com Issue: Browser will ask if you are sure you want to close while downloads are in ...

usync.nexage.com MS Edge Exploit? [on hold]

2 days ago

Related to this question: Is This A Hack/Malware/Breach? OS: This issue has appeared since the latest Windows 10 Update Applies to: Windows 10 version 1709 for x64-based Systems (KB4134661) https://supp
ort.microsoft.com/en-us/h
elp/4134661/provides-a-no ...

Mobile phone metadata question

2 days ago

Originating number 1 v Originating number 2 shown on cell phone bill metadata for the same cell phone at the same time? How is it possible, that the cell phone is using two distinct numbers for originating the same call? (AT&T)

How a VPN makes the effect of being physically in that private network?

2 days ago

I know the basics of how a vpn works, but what I cannot get it is why if my computer is connected to a company via VPN, why my computer experience like if it was physically there in the company. I know that in reality this is not like that, but I cannot c ...

nmap traceroute shows only one hop regardless of target

2 days ago

I'm using Zenmap to map out the network topology of the company I'm working in. When I ran the following command to trace route how my system connects to the internet but Zenmap only shows me a single hop (attached screenshot). nmap -sn --traceroute goo ...

Can I use gpg-agent to encrypt & decrypt a file?

2 days ago

I found Android has not a good gpg application. (I know OpenKeyChain, but it's lost some important feature.) So I want to create a project. Now, I open the gpg-connect-agent. But I'm not found any command to encrypt or decrypt data. Otherwise, In my opin ...

How to Force STARTTLS on Outlook and other clients

2 days ago

im currently writing on an essay about securing E-Mails. Now im on that point that i wanted to know if it´s possible to force STARTTLS in connectiones via SMTP or POP3/IMAP from the clients side. I know i can configure the Client that it will use STARTTL ...

Utility of intermediate certificate

2 days ago

I do not understand the need to use intermediate certificate: -I read that using root certificates and intermediate certificates allows to be more resilient if an intermediate certificate is broken. But to me, having one root certificate and 100 intermed ...

How to extract RSA parameters from 256 bits private key?

2 days ago

This wiki shows how to convert a private key to bitcoin's wallet import format: https://en.bitco
in.it/wiki/Wallet_import_
format And it provides a sample 256 bits private key: 0C28FCA386C7A227600
B2FE50B7CAE11EC86D3BF1FBE
471BE89827E19D72AA1D How can I ex ...

How has someone gained access to the password for my Google account?

2 days ago

Earlier today, I received an automated text from Google stating.. Google blocked someone with the password for (email address) from signing in to the account. Learn more: google.com/signins I immediately changed my password. I checked where in the ...

Is there a difference between "Maximum Tolerable Downtime" and "Maximum Allowed Downtime"?

2 days ago

I'm studying for the CCSP exam and one of the BC/DR terms that is referenced in my study material is "Maximum Allowable Downtime". The definition for it is: MAD (Maxium Allowable Downtime) How log it would take for an interruption in service to kill ...

Why do DESFire and Mifare Plus cards offer a random UID feature?

2 days ago

Perhaps this is a beginner question, but I have searched a lot and could not find any answers. Why do DESFire cards and Mifare Plus cards offer a Random UID feature? What risks should it mitigate or what features should it offer?

File encryption with AES-256-CBC vs Chunk encryption

2 days ago

I'm developing a protocol that requires a synchronous and ordered file transmission from a server to a device, over TCP. Each chunk is encapsulated in a message that has other fields that are out of scope of this question. One of the requirements is tha ...

What is "mapuser" download from usync? Malware?

2 days ago

I saw a recent post with the same question but I'm unable to comment on it as it's on hold. My Mom logs into Hotmail and a download box appears at the bottom saying "mapuser?providerid=
,,,(345 bytes)" from usync.nexage.com. Even if she says no to the di ...

Why don't mobile devices let you change the IMEI number for better security?

2 days ago

The vast majority of modern day mobile devices have a fixed IMEI number that's impossible to change, which makes it easy to track people if they use the same device constantly. It's quite easy to swap SIM cards frequently if you wish to stay anonymous, ho ...

Why don't mobile devices let you change the IMEI number for better anonymity?

2 days ago

The vast majority of modern day mobile devices have a fixed IMEI number that's impossible to change, which makes it easy to track people if they use the same device constantly. It's quite easy to swap SIM cards frequently if you wish to stay anonymous, ho ...

Securing Stateless web application

2 days ago

I have several Microservice build on Spring Boot Java. We have two client application (Browser based and mobile apps) accessing these APIs. I use JJWT tokens for user authentication and its on HTTPS. How do i make sure the API is only accessible from tr ...

Multi-factor asking condition

2 days ago

It is an established fact that the error message of login pages should not specify wether the password or the id is the problem. But for an application with multi factor authentication, should we ask for another factor only when the login/pass couple is ...

How can WPscan bruteforce passwords without hitting any limit rate? Also, which process does it use to enumerate all users?

2 days ago

I've just watched this video which shows the attacker bruteforcing both usernames and passwords. How can this be achieved without hitting any limit rate ? Does it mean that WordPress doesn't provide any limitations by default ?

How can WPscan bruteforce passwords without hitting any limit rate?

2 days ago

I've just watched this video which shows the attacker bruteforcing both usernames and passwords. How can this be achieved without hitting any limit rate? Does it mean that WordPress doesn't provide any limitations by default?

How much entropy is required for a Grid Card?

2 days ago

We're in the process of implementing multifactor authentification. One good candidate for this was the "Grid Card" - a small table with random letters and digits. Upon login, the user would be queried for the contents of a cell in the grid. Example For ...

ROP Attack :Force the program to manipulate an instruction as a gadget

2 days ago

I'm doing basic exploitation test on a simple program with fiew lines of code. I intend to exploit a buffer overflow vulnerability to perform a ROP attack. To gather the available gadgets I use ROPgadget tool. I found a very useful gadget at address let's ...

THe benefits of using PCI DSS requirements, HIPAA guidance and NIST guidelines servers

2 days ago

Just for the fun of it, I managed to get my personal server to comply with the PCI DSS requirements, HIPAA guidance and NIST guidelines. I was trying to explain the benefits for our customers to my manager, but failed because I am to technical to explai ...

Can Signal encrypted voice calls be listened inito by other apps?

2 days ago

Signal App (by Open Whisper) provides encrypted voice calls allow two people to communicate via data connection with secure encryption (assuming no MiTM attack). Given that Signal App uses the microphone on the mobile devise (iPhone/Android) and many oth ...

Can Signal encrypted voice calls be listened into by other apps?

2 days ago

Signal App (by Open Whisper) provides encrypted voice calls allow two people to communicate via data connection with secure encryption (assuming no MiTM attack). Given that Signal App uses the microphone on the mobile devise (iPhone/Android) and many oth ...

Verifying resident program "integrity" before every run

2 days ago

I am aware that operating systems verify authenticity & integrity of a program file while installing a program to a system. My question is, do popular OS's provide a way to verify (and warn the user if modified/tampered with by malware on the system) the ...

Question about the public key in the CSR

2 days ago

I am trying to understand the CSR generation process. I create a private key using Openssl tool. Then use the private key in a command to create a CSR. I know that CSR will contain a public key. What I don't understand is, how is the public key created? o ...

Iphone/windows transfer

2 days ago

I’ve an iphone which i suspected was hacked.i used to connect it to my computer. So, i restored the iphone on itunes from computer. Is connecting my phone to computer can transfer any spyware files and vice verse?. If I already restored my iPhone but i ...

Can malware transfer itself between iPhone and Windows laptop?

2 days ago

I have an iPhone which I suspect was hacked. So, I have restored the iPhone using iTunes on my computer. When connecting my phone to my computer, can any spyware files transfer from the phone to my computer and vice versa? If I already restored my iPhone ...

EDGE javascript engine debug and analysis

2 days ago

how to quickly debug the vulnerability about Edge which is published,how i can known about the version of Edge chakra which corresponding to the vulnerability.

trouble running kali linux

2 days ago

Can anyone tell my why I'm getting this message? [email protected]:~# nmap -sS 192.168.1.3 Starting Nmap 7.31 (https://nmap.org) at 2018-05-22 14:58 EDT mass_dns: warning: Unable to open /etc/resolv.conf. try using –system-dns or specify valid servers with ...

trouble running nmap [on hold]

2 days ago

Can anyone tell me why I'm getting this message? [email protected]:~# nmap -sS 192.168.1.3 Starting Nmap 7.31 (https://nmap.org) at 2018-05-22 14:58 EDT mass_dns: warning: Unable to open /etc/resolv.conf. try using –system-dns or specify valid servers with ...

Content-Security-Policy suspicious entries in the log

2 days ago

I've set up Content-Security-Policy-R
eport-Only header, and am in report-uri getting relatively high number (several hundred per month) of failed requests on img-src for suspicious URLs: https://netanalyti
cs.xyz/metric/ https://ne
tanalitics.space/metric ...

Nmap network scan private ip vs public ip

2 days ago

I'm trying to determine which devices are associated with each IP address on my home network. I'm determining this by the operating system they run on. When I use the command : ifconfig on my ubuntu machine under wlp1s0 I get 10.0.0.11 for my inet addr ...

How to read auth.logs in AWS ec2 instance logs?

2 days ago

We were looking into this file, /var/logs/auth.logs and shows this: (Question 1:) Is this a possible hack attempt? Using this website https://www.abuseipdb.com
/check/59.173.173.107 I can track the origin of the IP address. I also run this command las ...

Concern About Audio Steganography and DRM

2 days ago

I recently made a post about an audio steganography program and had another concern I thought I might ask. I understand that most music has DRM in them. If I hide secret files in audio files with DRM can an adversary see that I have hid files in it becaus ...

Audio steganography and DRM

2 days ago

I recently made a post about an audio steganography program and had another concern I thought I might ask. I understand that most music has DRM in them. If I hide secret files in audio files with DRM can an adversary see that I have hid files in it becaus ...

debugging why TLS fails between openssl and some SSL sites

2 days ago

I have an old CentOS 5.11 system running OpenSSL 0.9.8e. I am able to connect most SSL sites with no problem. However with some sites like www.looklinux.com, if I try to connect I get this error: openssl s_client -connect www.looklinux.com:443 CON
NECTE ...

Can a bluetooth speaker contain malware?

3 days ago

Can a bluetooth speaker contain malware? If someone were to find a random bluetooth speaker laying around and tries to connect with it, is there a possibility that the speaker has malware in it?

Is eFax more secure than analog faxing?

3 days ago

I have recently come out of a meeting with a VoIP sales agent. He mentioned that we would receive eFax with the phones which is, in his words, “…more secure then analog faxing” when I asked him, how it was more secure he mentioned that one of his co ...

This method will allow EFAIL-safe sending of OpenPGP encrypted messages to otherwise EFAIL-unsafe readers: TRUE or FALSE

3 days ago

Moderators: Please note this is not a replica of (Is this a simple protection against EFAIL?) because the strategy differs in that it places delimiters at the beginning of each plain text to be encrypted as a single block. Background The EFAIL security ...

Will this method allow EFAIL-safe sending of OpenPGP encrypted messages to otherwise EFAIL-unsafe readers?

3 days ago

Moderators: Please note this is not a replica of (Is this a simple protection against EFAIL?) because the strategy differs in that it places delimiters at the beginning of each plain text to be encrypted as a single block. Background The EFAIL security ...

LFI what are PHP wrappers good for?

3 days ago

I've been working on local file inclusions lately. There are things I don't understand yet, I hope you can help me. What are the wrappers good for ( for example'php://' or'data://')?
What can I use the wrappers for and what other wrappers are available ...