security.didici.cc

Does John the ripper need to be given the Hash format in order to crack it

2 hours ago

Doing some hash rooms on THM and whenever I run the hash files they give me ill just start like this. John --wordlist=(rockyou) (hashfilehere) It will run and then i'll just get an output with a bunch of warnings telling me what possible hash types it cou ...

Whatsapp Web Login History

5 hours ago

kinda similiar question to this WhatsApp Web Logged in computers except I know the person who used whatsapp web on my device without my permission. Problem is I long time deleted the login Information displayed on whatsapp web. Is there somewhere an Weblo ...

How prototype pollution works? Need simple explanation

6 hours ago

How does prototype pollution in javascript could pose danger to data and how it does happen?

From a modular development standpoint, should a "firewall" do anything else than filtering ports?

7 hours ago

From a modular development standpoint, should a "firewall" do anything else than filtering ports?This leads me to further ask, have there been attempts to reform the terminology from "firewall" to "port filterer"?

How unsafe is a USB flash drive vs DVD for OS (Tails linux)?

8 hours ago

Compared to a DVD live Tails Linux, how unsafe is using the USB version? I'm trying to help a friend who for years has been mired in the laborious iterative process of remastering their own DVDs of Knoppix in the name of security. The use case: Tails Linu ...

Latest malware targeting VPN infrastructure(2021)

9 hours ago

wanted to ask about the latest malware targeting VPN infrastructure and the most popular exploits, I am researching so anything will be helpful. I really appreciate any help you can provide.

How does local pass-the-hash (mimikatz's sekurlsa::pth) work?

10 hours ago

Mimikatz's sekurlsa::pth documentation states: mimikatz can perform the well-known operation 'Pass-The-Hash' to run a process under another credentials with NTLM hash of the user's password, instead of its real password. For this, it starts a process wit ...

Is express.js and express-session is secure?

10 hours ago

I wonder is these npm packages are secure enough to be used commerical projects? it shows lots of security issues and npm audit fix sometimes dont fix them

how to identify if a website is using PHP? how the identify PHP version?

10 hours ago

I am having a vulernable test site up, that runs PHP. How is it possible to detect as an attacker, that PHP is used? if I type .../add.php the site gives back an error message, although the file is add.php If I type .../add the site is running Can I maybe ...

How can an attacker identify if a website is using PHP? How about the PHP version?

10 hours ago

I have a vulnerable test site up that runs PHP. How can an attacker identify that PHP is used? if I type .../add.php the site gives back an error message, although the file is add.php. If I type .../add the site runs. Maybe I can inject code to identify P ...

What is the difference between a SoC and a CSIRT?

11 hours ago

So, from a summary of what I have found on the internet, SoC collects information and the CSIRT makes conclusions based on that info. However, from what I see in labs/challenges websites like BlueTeam Labs Online, those lines aren't that defined since d ...

How does mysql injection gives out results from database?

11 hours ago

I wonder lets say there is some page is vulnerable and it gets sql injected now php on backend only returns specific rows does not return password in any way, how people get off the passwords using that?

Sql injection how does getting data outside from susposed rows works?

11 hours ago

I wonder lets say there is some page is vulnerable and it gets sql injected now php on backend only returns specific rows does not return password in any way, how people get off the passwords using that?

Is CSRF needed on a page that does not have authentication

12 hours ago

I'm making a configuration page for an embedded Linux device. When the user presses a button, the device starts a WiFi access point. The user connects to the AP and visits the web page. This page is not protected by a password. Anyone who can connect to t ...

Is it OK to save user passwords into plaintext?

12 hours ago

Basically i want to easy recover user passwords if required i hash them into database using bcrypt but I tried backup non hashed passwords into a plain text file (*txt) not accesible over internet, Is that correct and secure? I'm using secure password for ...

Storing SSL certificates for developers

13 hours ago

I work as a .NET developer on a small development team. Our organization has several websites, that all have SSL certificates. The websites are deployed to On-premise Windows 2019 Servers, and the SSL certificates are imported through the Certificates sna ...

Should the server send 'secure' cookies on unsecured http response?

13 hours ago

I noticed that the module cookie-parser in NodeJs sends back cookies that have the "secure" attribute set, even in an unsecured http response. They have specified this behavior in their readme, or at least in the readme of a dependency, but is this really ...

Why aren't governments taking steps to make end-user products more secure in terms of IT security? [closed]

15 hours ago

Obviously some manufacturers do not care too much about making their products secure and the vulnerabilities, if any, are only found by volunteer hackers, it at all - for example in IoT products. Most end users cannot take (advanced) protective measures o ...

OpenSSH authorized_keys options for securely tunneling to a database

17 hours ago

I would like to allow people to tunnel to either db1.example.net or db2.example.net based on their SSH public keys via a bastion server bastion.example.net. What SSHD options should I add to the ~/.ssh/authorized_keys file to restrict the connection as mu ...

Public Key Pinning Attack?

21 hours ago

I'm somewhat knowledgeable in the concept of Public Key Pinning (HPKP) and I see a potential attack where a server admin could pin a particular cert and thus demanding user's browsers to only honour that particular certificate. However, if the admin wante ...

how to check tcp sequnce number to detect mitm?

22 hours ago

I suspect that my router (I'm using an iphone as router) was been owned and the attacker is making some kind of mitm attack. I suspect also that some part of html and js code has not been sent to my laptop and filtered by the attacker, then some site hav ...

How to check TCP sequence number to detect mitm?

22 hours ago

I suspect that my router (I'm using an iPhone as router) has been owned and the attacker is making some kind of mitm attack. I suspect also that some html and js code has not been sent to my laptop and filtered by the attacker, meaning that some sites do ...

CA that issues code signing certificates with 2048-bit RSA keys?

1 day ago

I'm trying to use a .dll and the manufacturer requires it to be signed by a CA with a 2048-bit RSA key. All the CA's I can find seem to have stopped issuing certificates with small keys. Are there any CA's which may issue me a certificate with a 2048-bi ...

How easily can ISP/mobile network operator employees read or decode traffic data?

1 day ago

When I sign up for a mobile subscription or internet connection with my ISP (also a mobile network operator), the company's privacy policy says that certain information is processed such as personal data (name, phone number, address etc) and metadata whic ...

How to validate DNSSEC signatures - zone cuts?

1 day ago

RFC 4035, section 5.3.1 lays out the rules for validating DNSSEC RRSIG records: The RRSIG RR and the RRset MUST have the same owner name and the same class. The RRSIG RR's Signer's Name field MUST be the name of the zone that contains the RRset. The RRSI ...

When typing something in the URL bar in Safari with google as my default search engine without pressing "enter", does google log what I've typed?

1 day ago

When typing in the URL bar in safari with google as my default search engine without pressing enter (i.e not actually searching), does the text I've typed or my IP get logged to google?

XSS Inside the text part of an tag

1 day ago

How do I xss inside here ? I have tried normally using alert() but it didn't work

How can scammer actually reply from a spoofed email address?

1 day ago

I (mostly) understand how a scammer can send an email from a spoofed account, all you need is an unsecured SMTP server. But how is it possible, for a scammer to RESPOND and maintain an email conversation with the victim from the spoofed address? In this c ...

Verifying that a TLS server supports the PSK-Modes Extension?

1 day ago

I am trying to verify if a TLS Server is configured according to the guidelines specified in NIST SP 800-52. One rule stated is the following: TLS servers that support TLS 1.3 and the Pre-Shared Key extension shall support the Pre-Shared Key Exchange Mod ...

Would purchasing a firewall for a domain thru a domain manager make Microsoft 365 emails on that domain more secure

1 day ago

Does purchasing a firewall for a domain/website make the emails using that domain through Microsoft 365 more secure?

Are purchased domains from third party registers or hosting managers without Cpanels or VPS or Editable Pages hackable?

1 day ago

If someone buys a domain and one may type the url in but just sees a template page from the register.com but doesn’t purchase a cpanel or VPS or rootacess or any way to edit the website, does the domain or website managed by a domain seller such as regi ...

Centos 7 Samba php:apache Permission Denied when moving file with Docker container after moving to :z volume from samba share

1 day ago

First, let me say that chmod 777 does not even work for this (though I know that would not be the correct solution). Here's the situation: I have a mail server receiving mail. On that server there is a cronjob that runs a .sh script that moves the mail ...

SQL Command to Export Results including Headers to .csv

1 day ago

Is there any way to write an SQL procedure that will take the results of a query and save them as a csv file. I've googled this question and found posts about bcp and sqlcmd. However, I have not been able to get either of them to work. SQL Server Manag ...

Security implications of using a non-hash in the password column

1 day ago

Imagine a webapp that uses a traditional email-password-login, with the users-table saving the password salted and hashed using bcrypt. Now a secondary login method should be implemented, like an API or external auth provider, with some users only being a ...

CSRF protection using form action

1 day ago

While performing testing on an application, I came across a CSRF protection that was using an integer ID in the form action. The application had a form similar to the below format

How to reverse a Steganographic image?

1 day ago

I have a picture (original) and I don't remember what application I used but I hide it under another picture (secondary). Now when i'm scrolling through my pictures I can see the (original) picture, but if I open it or download it, i'm seeing the (second ...

Will GPS spoofing + VPN on mobile hide location?

1 day ago

suppose I turn my Android mobile phone into "developer" mode and install a professional GPS spoofing app, in addition to a professional VPN app. Developer mode will allow the GPS spoofing app to overwrite my GPS location on the phone, whilst the VPN will ...

How to recover a formatted hard drive by veracrypt?

1 day ago

I wanted to encrypt my drives with veracrypt.but i didnt know that it will first format the hard drive.so i canceled the progress of encryption normally. How can i recover my files? I have used most popular file recovery softwares like easeus data recover ...

Security issues in xhr DOM update

1 day ago

I'm writing a javascript code that update DOM with html/javascript from XMLlHttpRequest response (A sort of JQuery's $.load() function), depending on some client side condition (e.g. which browser user is using). I put this function in a separate javascri ...

Using Public Key Cryptography for improving 2FA?

1 day ago

When using 2-factor-authentication using plain TOTP, the secret is stored on both the client and the server. This in turn means, that anyone with access to the database knows the 2fa-secret of all the users. Why is this acceptable? Storing plaintext passw ...

mitm kali linux urlsnarf cant get through https

1 day ago

what should i do to get through https i dont know whether sslstrip working or not, it shows /usr/share/offsec-a
wae-wheels/pyOpenSSL-19.1
.0-py2.py3-none-any.whl/O
penSSL/crypto.py:12: CryptographyDeprecationWa
rning: Python 2 is no longer supported by the Py ...

sslstrip showing an error

1 day ago

What should i do to get through https? I don't know whether sslstrip working or not. sslstrip -l 8080 /usr/share/offsec-awae-
wheels/pyOpenSSL-19.1.0-p
y2.py3-none-any.whl/OpenS
SL/crypto.py:12: CryptographyDeprecationWa
rning: Python 2 is no longer support ...

Online platform control (proxy)

1 day ago

To connect to the online platform of the company I work for, I have to use a proxy. Is it possible for the person responsible for this platform to check if I am currently using other programs in addition to the browser with the open platform? Can they che ...

ECDSA Signature Verification works with AWS KMS API but not when using OpenSSL

1 day ago

I am trying to manually verify the signature using a public key and signature but continue to fail. When I try using AWS KMS API it works, kms_boto3_client.v
erify( KeyId=keyid, Message=message, MessageType='RAW
9;, Signature=signature, S ...

easy way to share 2fa codes both app and text based

1 day ago

With covid and everything happening, I have been thinking of death and estate a lot lately. I have added my family in my password manager but not sure what is the easy way to share 2fa authentication across a range of websites both text and app based . On ...

how can worms be dangerous to content delivery network

2 days ago

i am trying to understand how worms can be dangerous to content delivery network i know what CDN is a service that makes content delivery faster which makes sites fast. where as a worm is defined as self-replicating software designed to spread through the ...

What are the different ways of finding collisions in SHA?

2 days ago

I have been researching SHA and its applications. While many SHA algorithms exist they can be categorized into three groups SHA, SHA-1, SHA-2, and SHA-3. SHA through SHA-2 is based on the Merkle–Damgård construction which I presume has a certain approa ...

How do I figure out whether this is a bug or how do I debug what is trying to access my webcam?

2 days ago

Similar question, which has a different question (since my AV doesn't even know the process ID or similar): Antivirus warns about processes trying to access my webcam I am using ESET Internet Security and suddenly the AV started popping up with warnings t ...

Attacks on Peer 2 Peer networks?

2 days ago

I've started a framework which aims to make anything into an IoT device. As it is true for any software, it needs to be secure. We 'll know it ain't going to be bulletproof, but an effort must be made nonetheless. For that reason, the source code is open. ...

Routing attacks on Peer 2 Peer networks? [closed]

2 days ago

I've started creating a framework that aims to make anything into an IoT device. My biggest worry is routing attacks but I have a potential solution: Each peer would trust only entities that are willing to exchange/share messages with the other peers. Occ ...

Real world implementations of "continuous authentication"?

2 days ago

As the name implies, continuous authentication is the use of ongoing assessment of inputs (usually biometric or behavioral) to determine the identity of the user. Examples include subtle differences in keyboard use, mouse dynamics, smartphone taps and sw ...

What's the best practices for storing 2fa tokens?

2 days ago

What are the best practices for storing 2fa tokens for your users, I can't imagine that plain text is any good.

SQL Injection Prevention WAF Generic Rule for Wordpress

2 days ago

We are trying to develop a GENERIC WAF Rule for SQLI Prevention for WordPress-based websites that can provide some level of effectiveness with a very low probability of having false positives. From my understanding I think we can provide some level of pro ...

How to unhash sha256? Alternatives to brute force?

2 days ago

I know it's almost impossible to do, SHA256 is a one way function that can't be easily reversed, just like there are operations that have no reverse, take: f(x) = x+5 , it's easy to see that if you want to revert that you just take the output and substrac ...

Requirements for privacy in terms of biosensors, video and smartphone signals

2 days ago

I'm conducting research employing biosensors (i.e., heart rate and skin conductange signals), video data, smartphone signals (i.e., sensors such as accelereomter and gyroscope and touch data) and handwriting. A big problem is privacy, i.e. users are affec ...

What is the difference from DLP, EPP, and EDR?

2 days ago

This summer, I get the chance to do a Data and Security Analyst internship. The project I will be working on is supposed to focus on Data Loss Prevention. After doing some research in the beginning phases of this project, I have run into a roadblock as I ...

Block file and data transfer out of a device

2 days ago

I was reading a documentation that suggests blocking the computer from transferring files to an external device, such as a HD, Camera or Pen Drive, allowing only reading. Is this type of protection still valid? Because today anyone can for example copy so ...

Should you set up firewall rules with a vpn?

2 days ago

I am using a vpn and trying different firewall rules to keep as secures as possible. But the VPN company itself tells me not to use a firewall. Does that seem reasonable? They write: "As we've mentioned previously, it is not recommended to have UFW/GUFW ...

Share Bluetooth connection between device

2 days ago

With WiFi you can control which device can connect to your WiFi device by managing which devices know the SSID+wpa2 couple. Is it possible to do the same thing in bluetooth? In other words, I want to be able to do with Bluetooth what I do in WiFi by conne ...

Kinsing Malware entering via compromised Dockerhub Images?

2 days ago

I got a server infected with the Kinsing malware, which mines crypto on your server, maxing out your CPUs. The malware initially creates the files /tmp/kdevtmpfs and /tmp/kinsing If you delete these files and kill the process they get recreated elsewhere ...

Does disabling "Always display external images" in gmail remove the risk of spam senders getting my information and seeing that i opened the mail?

2 days ago

So when a mail is opened that includes special images, fonts or media, it is loaded from the server of the sender. This is bad because spammers can detect active mail accounts that will get more spam. But when i disable "Always display external images" in ...

Isolate Dual-Boot Windows OS's - Encryption Programs ( Works ? )

2 days ago

Hello , I have a question regards the dual boot/installing 2'nd OS on the same machine // Please read & understand my question before downvoting ! My Machine Have Name Model Disk No. Capacity SDD LITEON L8H 0 240 GB HDD HGST 1 1 TB ( 932 Gb ) SDD Contai ...

Isolate Dual-Boot Windows OS's - Encryption Programs

2 days ago

I have a question regarding the dual boot/installing of a second OS on the same machine My machine has Name Model Disk No. Capacity SDD LITEON L8H 0 240 GB HDD HGST 1 1 TB ( 932 Gb ) SDD Contains : Windows 10 -- ( for work ) HDD Contains : Partition 1 / ...

where vulnerabilities should be fixed? **Source** or **Sink**?

2 days ago

where vulnerabilities should be fixed? Source or Sink?

Where should vulnerabilities be fixed? Source or Sink? [closed]

2 days ago

Where should vulnerabilities be fixed? Source or Sink?

What programming language for pen tester in application security?

2 days ago

I'm going to do my master's in another country and decided to level up my skills. I have 10 months of work experience in application security. And I know the basics of how things function in the app sec domain. So thought of learning a programming languag ...

How does SSH protocol encrypt the data in transit when using user and password for credentials?

2 days ago

From my understanding, the SSH protocol encrypts everything that is sent over channel and this is why it is secure. My question is for setup when authentication is done using username and password. My basic question is that to encrypt, it must require a k ...

Use sfportscan preprocessor in snort 3

2 days ago

I have not found anywhere how to configure and use sfportscan in snort 3; all documentation I can find is for snort 2. I am aware of this answer, which applies to snort 2.9, and I don't think it helps me here. As far as I understood, I need to put it into ...

How does SSH protocol encrypt the credentials and data in transit?

2 days ago

From my understanding, the SSH protocol encrypts everything that is sent over channel and this is why it is secure. My basic question is that to encrypt, it must require a key. Who gives this key and where is it stored?. If the SSH encrypts without key an ...

Security policy regarding sudo and root account disabled

2 days ago

One can find policy advised regarding power user accounts on UNIX systems described as : Disable root account access (for example by changing default terminal to /usr/sbin/nologin Only authorize compartimented sudo commands access My (beginner) question: ...

nmap not showing the list of supported methods

2 days ago

When executing the command nmap --script=http-methods.nse -p 80,443,8080 -Pn "ip address", I am not getting the list of supported methods for specific ports. Please tell me what could be the issue.

Some random string is appended prefixed by a DOT at the end of URL

2 days ago

Recently we have run some Security scan report on one of our web-application and it has one issue reported as a path-based vulnerability. The scenario is as follows. The request URL which our application intended to accept is www.host.com/what/ever/ou
rPag ...

Why urlsnarf and driftnet capture my own information

2 days ago

Windows 10 ip 192.168.1.112 Router ip 192.168.1.254 I am using virtual box kali Linux to run. Already send the packets (sysctl..) Arpspoof -i wlan0 -t 192.168.1.112 -r 192.168.1.254 urlsnarf -i wlan0 But it capture everything in my kali Linux not Windows.

What is this HTTP attack full of backslash encoded data?

2 days ago

I use nginx configured with HTTPS and an unsigned cert to send files to people sometimes. Despite being just an IP address listed no where, I get traffic from various crawlers and other bots. The other day I saw the following in the access logs: - - [20/ ...

What are these ip addresses?

3 days ago

I downloaded a fresh kali vm and created ssh keys then a decent vpn and started to look for devices to exploit using shodan website , I am and ethical hacker, if i manage to exploit a device i try to patch it and leave a note for the owner with my email ...

MAC install new helper tool

3 days ago

I was prompted by " ProtonVPN " to install a new helper tool, I was busy at the time so I pressed cancel and ignored it. I've just opened ProtonVPN to install the new update but no update was prompted, so I manually selected " update " & it stated I'm upt ...

Is it possible to identify a financial fraud on a Windows machine? How?

3 days ago

How do forensics identify a banking/financial fraud in a Windows system? Malwares usually uses realtime TCP sockets to complete their deeds, infecting and compromising the PC it runs on (not the financial system itself), which if not configured otherwise, ...

Bitdefender: Clear browser cache before system scan?

3 days ago

I tried to post this on the Bitdefender community, but there seems to be quite a delay. I installed Bitdefender Free for the first time today. The System Scan has been stuck at 8% for hours now. Web searching reveals that this is normal. I was wonderin ...

ISO 27001 2013 version not being updated

3 days ago

Is there any reason why an information security standard such as ISO 27001 is not getting updated as Information Security field is constantly changing and also the requirements but its latest version is for 2013?

Combining confidentiality, authenticity and data integrity to form secure URL

3 days ago

There are clients, they can share links to their profile info, which should be confidential. The link expires in 5 minutes. They set Auth Code, so that the one who gets the link can access the client's data if he get the correct Auth code. Restrictions: T ...

Why would I need a password manager when I use 2FA?

3 days ago

I have come across many questions concerning what security benefit 2FA provide a password manager. (e.g. this question) On the other hand, if I already use 2FA, why would I need a password manager? Won't I be notified if my (perhaps insecure) password bec ...

Block access between Router and Modem

3 days ago

I have come across a 6 year old article here: https://www.computerworld
.com/article/2887243/usin
g-a-router-to-block-a-mod
em.html Basicly, for people who has seperate router/modems he suggests using the routers outbound firewall to talk to modem. Do you th ...

Protecting the Router from Modem?

3 days ago

I have come across a 6 year old article here: https://www.computerworld
.com/article/2887243/usin
g-a-router-to-block-a-mod
em.html Basicly, for people who has seperate router/modems he suggests using the routers outbound firewall to talk to modem. Do you th ...

Rice cook temperature

3 days ago

A quanto cuoce il riso? (temperatura in Celsius) Mi servirebbe sapere a quanto deve arrivare la temperatura dell'acqua affinché il riso possa essere cotto. Dispongo di un fornello.

ModSecurity OWASP CRS 3.3.0 false positives on a Wordpress site

3 days ago

The following search queries are blocked by ModSecurity and returns a 403 forbidden error: www.example.com/s=
zip+someword & www.example.com/s=g
zip+someword but not www.example.com/s=zip & www.example.com/s=gzip Th
e Apache error_log: [Sun Jun 20 14:15:51.6 ...

Looking for a secure password management solution without cloud

3 days ago

In my work, I have to know and use sensitive passwords at different computers of different companies (domain controllers, other servers, remote desktops etc), and also need to keep several SSH keys. I'm looking for a solution by which I can keep these pas ...

How to handle a former employee's public GPG key?

3 days ago

In my keyring I have the public key of a former colleague. I have signed it, because I trusted that it was his key. I still do so, but the fact that he has left the company of course changes the nature of trust. So basically what I want is: no new encrypt ...

How to detect and prevent webshell uploading with offline methods?

3 days ago

We're developing a website using aspnet5, and providing a simple web page for uploading images by users. Users should only able to upload image files (jpg, png). We're using some mechanisms to check and validate uploaded file by: filename, file size, exte ...

how to recover a laptop which has been formatted and a new windows is installed on it?

3 days ago

My mistakenly without getting a backup installed a new windows on it and actually I have formatted the disk during windows installation as well, is there a live bootable tool to recover my files in my laptop disk?

Man in the middle attack error

3 days ago

** (driftnet:2115): WARNING **: 13:40:14.085: (../atk-adaptor/bridge.c:
1018):atk_bridge_adaptor_
init: runtime check failed: (root)

Driftnet not captured and shows this code below [closed]

3 days ago

(driftnet:2115): WARNING: 13:40:14.085: (../atk adaptor/bridge.c:1018):at
k_bridge_adaptor_init: runtime check failed: (root)

How bad is it to store credentials in clear text on disk and in memory?

3 days ago

Yeah, it depends. A good answer would provide some reflections on this. I have two concrete scenarios in mind, in two concrete (and I believe common) contexts. Context 1. At home, you’re the only one with access to the computer. Context 2, at work, you ...

Significant differences in hash cracking speeds? [duplicate]

3 days ago

I'm doing an educational hash research. I generated MD5 hash using online tools and cracked it within a second using Hashcat and certain wordlist (yes, one second). Then I produced a WPA handshake using this same password that I used for MD5. I tried to c ...

What can my employer see in my Instagram [duplicate]

3 days ago

I use my private phone at work for private stuff. I use The company’s WiFi. Now I ask myself; What can my employer see what I am doing in the Instagram app? Can he see my username? Can he see that i switch profiles? Can he see which posts I like? Can he ...

Can I inject shell in the below php code?

3 days ago

How I can inject a shell command in the below code?

How to encrypt and hide a GNU/Linux operating system and create a decoy system?

3 days ago

My goal is to be protected against key disclosure laws and possible extortion. I know dm-crypt can be used to perform full disk encryption for GNU/Linux distros. However, it is not enough. I want to be able to hide an operating system in an encrypted hidd ...

What sort of RSA private key format is this and how are they generared

3 days ago

I am used to seeing a regular private key, with the standard key block, but I just came across this type which carries extra information as you can see. What format is this and how are these generated (openssl CLI syntax)? if not obvious, is my way of j ...

Is serverless code immune to DDoS attacks?

4 days ago

In classic hosting we have a virtual machine with limited resources allocated by hosting provider for running our web application. But with serverless code such as AWS Lambda or Azure Functions, our code is executed by hosting provider (Amazon or Microsof ...

How to change a website to no longer needing an SSL certificate

4 days ago

I have recently had an active website that was protected by an SSL certificate. The site is no longer active and the certificate has expired. I have tried to put up a simple HTML holding page but Google will not show it because there is an expired certifi ...

Bypass encryption by altering source code

4 days ago

In the Cryptsetup Frequently Asked Questions page it says: You are asked a passphrase of an existing key-slot first, before you can enter the passphrase for the new key-slot. Otherwise you could break the encryption by just adding a new key-slot. Is it ...