security.didici.cc
Why message digest should be kept secret?
50 minutes agoWhy is it required to keep message digest secret? If A sends message M to B,then A will apply hash function to M and will get digest M'. Now is there any requirement to encrypt M and M'? Assume that B is only concerned about message integrity? I have le ...
How CFB mode works?
1 hour agoUse the AES calculator (http://williamstallings.
com/Crypto/AESCalc/AEScal
c.html) to demonstrate CFB mode with AES. Select a 128-bit key and a 384-bit plaintext (all in hexadecimal). Demonstrate outputs from each round in the CFB (three rounds in total)?
...
Whitelist VPN provider's IP address in cloud service provider
10 hours agoI wonder how safe is it to whitelist honorable VPN service provider's IP (for example NordVPN) in, for example Azure/AWS to use RDP/SSH? Is it any better then whitelisting local ISP's IP assigned to me?
How to handle UDP abnormally disconnection in DTLS?
11 hours agoDTLS-UDP is used between client and server. If the client ends abnormally,how does the server know that the client is gone? i have read rfc6347 and find nothing about that. thanks in advance.
Using MD5 as salt
13 hours agoI know that MD5 is a poor choice for hashing passwords, but its not my ideia. Imagine that we would use the username as a salting mechanism, wich is also bad idea, but just for an example. First, we md5 or sha1 this username and then concatenate with the ...
Token Based Authentication - Token Length
14 hours agoWe're attempting to provide token based authentication to a web based service, and I was looking for insight into an appropriate length (128bit, etc.). Any help would be much appreciate. If more information is needed, please let me know. Thanks!
Is this input field and function secure?
16 hours agoIm just learning about IT security, so this is basic stuff and Im maybe overthinking it. I have this input field on my wordpress site (ssl is on) that directs the user to the product he typed in. It filters bad signs with encodeURIComponent() (so it sho ...
wipe encrypted disk by nulling the first few bytes?
16 hours agoIf I encrypt a whole partition with AES, is it secure to just overwrite the first few bytes of the partition in order to make it completly unreadable even if an attacker knows the passphrase to access it?
How to Bypass PIN and Password Locks in Android?
19 hours agoWhat do I need to know? Santoku Linux: First, let’s get into far more details concerning Santuko UNIX system. it's Associate in Nursing open supply platform that is used for the aim of mobile forensics. Santuko UNIX system might even be controlled for ...
Is this a valid secure cookie scheme?
19 hours agoI have a scheme for a cookie with high-level confidentiality of information. The information to be hidden from the client is the expiration time of the cookie. I am wondering what insecurities i am opening myself up to with this scheme. Note below that | ...
Found my iPhone 5 somewhat open (possibly right after airport security), what (if anything) might have been done to it?
21 hours agoI was traveling by air very recently, and once I got home I noticed that the button on my iPhone 5 seemed to be more deeply recessed. After a while I realized that this did not make any sense mechanically, so I removed the Rhinoshield phone protector and ...
Limit information disclosed in AD Anonymous Bind
22 hours agoWhat I am trying to do For reasons I may not go into, we must allow Anonymous Bind in AD on a private network. I am fully aware of the risks associated with this. I have found a myriad of documentation around enabling and disabling anonymous bind. Wha ...
Can a secret, S, be efficiently recovered from a list of usernames and SHA256(S + username)s?
1 day agoGiven a set of usernames and their corresponding proofs of knowledge of a shared secret: SHA256($SECRET + username), can an attacker recover $SECRET more efficiently than by brute force? (This is assuming $SECRET is not easily guessable, a 256 bit random ...
How do you prevent a computer in a network from accessing RDP?
1 day agoSo you're on a domain. I know that Remote Desktop needs an authorized user's credentials (e.g admin) to log in with a remote computer. But can you also place a condition that you need to be using a certain computer(s) in the domain to log into it? That w ...
Putty+PKI+Pageant not working on vSphere not working
1 day agoI am trying to use PKI to connect to multiple VMWare vSphere guest OS, which have installed OpenSSH v , using PuTTY and Pageant. I've created the keys and and configured Putty and OpenSSH 5.6 over SSH2 but somehow no key exchange is happening (that I can ...
Clarification about PrimeFaces Expression Language Injection
1 day agoThe PrimeFaces Expression Language Injection explained here:
http://blog.mindeds
ecurity.com/2016/02/rce-i
n-oracle-netbeans-opensou
rce.html
Will happy for the clarification about the remediation:
Why not enough to filter all requests with pfdrt=sc?
Why ne ...
ipsec phase1 not established using openswan
1 day agoI am using openswan for VPN.
I am getting below log in /var/log/securesending notification v2N_NO_PROPOSAL_CHOSEN
K
indly let me know the possible reason ?
How to deal with recurring spam?
1 day agoI sometimes receive spam mail, so I delete it. Lately, I continue to receive spam messages about 'trading software' that are related to each other. How can I stop this? (I'm new on this SE. Let me know if this is not a right question to ask here.)
How do i set custom rule to windows 10 firewall to alert if any .cs file extension is uploaded?
1 day agoHow do i set custom rule to windows 10 firewall to alert if any .cs file extension is uploaded ? please suggest multiple options. Does any free/low cost firewall allows this without writing script ?
Cracking MD4 hash
1 day agoI'm doing some hacking exercices and I have to gain access to a site's database so I can delete all records. The way of getting into the administrator panel is through a password (no username). I've tried some ways of getting in (SQLi, SSI, cookies) but ...
resolv.conf: my router acts as a nameserver - a vulnerability? How to change it?
1 day agoI'm running Debian 9.1 with KDE and when connecting to the Internet by default I get these two lines in my /etc/resolv.conf file: search localdomain nameserver {ipofmyrouter} I guess that these - or at least "nameserver {ipofmyrouter}" - mean that my rou ...
Authy asks for the recovery password without a reason. Is this normal behavior?
1 day agoThe last time i opened the Authy 2FA app it showed a message telling me to enter my recovery password. The title of the message window was in all-caps and said something along the lines of "Enter your recovery password as a help so you don't forget it". I ...
How to set up my machine for Wi-Fi penetration testing correctly?
1 day agoSorry, for my english, I'm not native speaker. I was trying to learn how to attack Wi-Fi encryption protocols and ran into a HUGE amount of different problems. I am pretty frustrated right now, and I would be very grateful if give me some wise advice. I ...
Convert msfexploit to a standalone exploit
1 day agoHow can we convert Metasploit exploit session to a stand alone exploit tool? I have many VM that I have exploited with Metasploit I want to create a standalone exploit tool for these VM.
how i can put auth token for twitter in the header
1 day agoWhat is the problem it show that error:
GET https://api.twitter.com/1
.1/statuses/user_timeline
.json?screen_name=hasnain
313_khan&include_rts=
false&count=3&inc
lude_entities=true 400 ()
send @ jquery-3.2.1.js:9566
ajax @ jquery-3.2.1.js:9173
(ano
nymous) @ ma ...
How can I put an OAuth token for Twitter in the header
1 day agoI'm getting this error:
GET https://api.twitter.com/1
.1/statuses/user_timeline
.json?screen_name=hasnain
313_khan&include_rts=
false&count=3&inc
lude_entities=true 400 ()
send @ jquery-3.2.1.js:9566
ajax @ jquery-3.2.1.js:9173
(ano
nymous) @ main.js:7
mightTh ...
how to generate a pem certificate with Openssl using 'TLS1_ECDHE_RSA'
; ciphers for fips platform
1 day agoI am testing some ECDHE_RSA ciphers on fips platform But the handshake is failing because of the cert and key I am using on Server in OpenSSL. Same cert and Key are working fine if the platform is non-fips. I am using a Load Balancer between the clien ...
How can a website like mobilepay.it know your telephone number?
1 day agoRecently i had to disable some paid services on a mobile phone (those kind of annoying services that automatically enables when you visit some particular websites and costs lots of money). To do so i visited the website
http://selfcare.mobilep
ay.it
I w ...
Is it safe to upload & scan personal files on VirusTotal?
1 day agoI had an idea to make a plugin for one of my email clients where my users will be able to scan attachments using VirusTotal service, but then again I was worried about their privacy and again security of uploading personal files which may have been expose ...
How to encrypt the number one using RSA ?
1 day agofor example: if we have public key : (5,221) and private key : (77,221) and we want to encrypt 1: c(m) = (m)^p mod n c(m)=(1)^77 mod 21 =1 so how to deal with that? is there some work around ?
Can Win 10 System Log files tell me about any .cs file transfer to personal google drive?
1 day agoCan Win 10 System Log files tell me about any .cs file transfer to personal google drive. Or any free Digital Forensic tool can tell. I saw my programmer deleting personal gmail account from chrome from a distance. Though its against policy but allow ...
Just how much of a risk am I putting on my network by allowing UPnP
1 day agoI am facing a serious conundrum (to me at least). Whether or not to disable UPnP on my network. I understand the risk, an infected computer could punch a hole in my firewall, and more infections can follow. I would disable UPnP, but the people who are on ...
Allow user to set iframe source from one domain
1 day agoIn my web app, I need to let user set iframe src value from one domain. As a part of registration, they specify the domain. How do I do this? I looked into X-frame-options and content security policy but did not help as I need to support IE 11.
Https server side, as well as client encryption?
1 day agoI'm new to data-encryption and do not understand the following: I convert my domain into a "https" domain, by means of something like "Lets Encrypt". I have an android app that talks to an api on my domain. Do I still need to perform client side encrypti ...
Do long password actually help protect your accounts on websites attacks
1 day agoWe are told to use password that are long with high complexity to prevent attackers from using brute force attacks on our accounts The thing is that most websites will pick this up and either enforce timings e.g. 30 seconds between tries or lock you out ...
No password root accounts of an entire laboratory!
1 day ago2 days ago some of the university staff asked me about 3 computers here. All the computers are using Ubuntu and have the exact same password on the login screen for the superuser. Let's say StackPa$$word is the password. 3 computers refused the password. ...
How to determine IP address of target device or network
1 day agoI know most exploits over the internet are opportunistic, but assume an aggressor has a specific target, but no physical access to that target. How do you find the target network or device to begin an attack over the internet? My first thought is social e ...
Json Web Tokens. Headers naming conventions, formatting and security issues
1 day agoI implemented my own Json Web Tokens authentication and authorization scheme, which is based on three tokens - access token, reference token and refresh token. They are generated by backend or application code and all authorization logic is implemented in ...
outlook client autodiscover SQL Injection
1 day agoI am tripping mod_security on apache when outlook365 client on a laptop runs autodiscover.. Win10 os. ModSecurity thinks its an SQL injection.. "Detects basic SQL authentication bypass attempts". Is there a known issue with autodiscover and SQL injectio ...
Not able to set httpOnly flag to Google Analytics cookies
1 day agoI am not able to set HttpOnly flag to cookies coming from Google Analytics. Cookies not able to set this flag are __utma, __utmb, __utmc and __utmz. Is there any reason why I am not able to set them to HttpOnly?
What are the security implications of systemd compared to systemv init?
1 day agoI'm just beginning to learn about the init system, so I only know about the high level characteristics of both. I have noticed a lot of fuss over systemd, even some people claiming that systemd was created to purposely introduce vunerabilities! The arg ...
text with .fyi attachment
1 day agoI occasionally get texts from numbers I don't know. My standard procedure is to delete and not give it another thought. Lately, I have received texts with attachments that look like this; Tap to load preview fkhlkf.fyi What is a .fyi attachment and is i ...
How is my microsoft account compromised?
1 day agoSo I have my microsoft account ever since hotmail boomed, and I've had the same super weak six character password up until this year, but it was when one of my google accounts got compromised a few months ago that I decided to check my microsoft account a ...
What action plan an hacker can do with Kali to enter in an iPhone
1 day agoI am interested by mobile protection for general public, we have all informations saved on our phone. I am thinking what action plan an hacker can do with Kali or other to enter in an iPhone and read SMS for example. I found several methods but I don't th ...
Can browser bypass hosts configuration file?
2 days agofor example, assume I have edited the hosts file with the following line: 127.0.0.1 malicious-site.com if I happen to have installed a browser developed by people who owns this malicious website. When I accidentally load a webpage which has a maliciou ...
Can I go "incognito" on my smartphone?
2 days agoIn other words can I make myself or what I do on my smartphone invisible to others like the network admin, or block my information on my router?
Can my smartphone apps that I am using be seen in the router?
2 days agoIf I am using apps on my smartphone can the network admin. see the apps I am using on my smartphone?
GitHub pages and same origin
2 days agoI am working with the security team at my work to get a website accredited before I can publish it...It is a very simple webpage hosted on Github pages with only some javascript. I kind of reached a roadblock in terms of creating the code to secure the w ...
Pwntools can't create core file
2 days agoI'm trying to use pwntools and I'm following this tutorial for creating Corefiles to automate exploitation.
The code of the ./crash executable is:
#include
#include
#include
void win() {
system("sh");
}
int main(int argc, char** argv) {
char ...
How to improve a network of a school lab?
2 days agoI got this task to improve a network of an IT institute with minimum cost. It has 25 computers and currently configured as a peer to peer network using an old switch. And the users treat one of the computers as a file server so everybody access this compu ...
Different CRC32 implementations? different results?
2 days agoSo recently I managed to implement the Caffe-Latte attack in python. I got stuck for two weeks because the final ICV wouldn't match. After some digging around I found that airbase-ng (which already implemented the Caffe-Latte attack in C) used a self imp ...
Can fingerprints be verified over USSD?
2 days agoI work for a public sector body in West Africa where we need to establish a method to establish identity in areas that do not have a data connection. We have fingerprints of our members in our database. Is it possible to verify fingerprints over a USSD ...
Using ex.: Ubuntu or Windows: Can I see the memory of a process that I am running?
2 days agoIf I don't have Administrator or root privileges on a Desktop machine and I am running a password manager, can I see the memory contents of that password manager, or higher permissions needed? So I am running a process ("foobar" user, not root) and I wa ...
How google API verifies a usage by specific bundleID (apple) or andorid app?
2 days agoi'm reading about how google restricts the usage of the API keys. they have 2 options - by bundle ID and by application's SHA-1 fingerprint. I'm guessing that this info is sent along the request from the app itself to Google - what denies me from taking ...
I want to ask BASICS of how PUBLIC KEY works on server for decryption in TLS handshake
2 days agoThank to the reply here from my previous post, finally I can understand that Server keeps 2 keys "public key" and "private key", and Server shares only "Public Key" with Client. Then Client encrypts its "pre-master key" by using this "public key" and sen ...
Crunch ang generate wordlist by the rules
2 days agoI trying generate own wordlist where is basis word "Password". I want generate wordlist where will be words like p@$sword or p@$swoRD or p@$sword123 atc. but not d@$sword or $$SswoRD. I used crunch like crunch 8 8 [email protected]$WwoOrRdD but this creted wor ...
Why are the CVSS scores differ so much between Redhat and NVD page?
2 days agotake CVE-2016-7872 for example. in National Vulnerability Database webpage, we can see that the cvss2 and cvss3 score are 9.8 and 10.0 respectively. but in the redhat security advisory page, they are 6.8 and 8.8. To my understanding, cvss score are bei ...
I STILL cannot find answer of one BASIC QUESTION about secret key exchange?
2 days agoBefore explaining details I should ask my BASIC QUESTION: "WHAT MAKES THE DIFFERENCE BETWEEN SERVER & a (Listening) Man in the Middle ?" I read many detailed technical information about TLS handshake process...Client sends pre-master secret key, by using ...
I STILL cannot find answer of one BASIC QUESTION about secret key exchange at TLS handshake?
2 days agoBefore explaining details I should ask my BASIC QUESTION: "WHAT MAKES THE DIFFERENCE BETWEEN SERVER & a (Listening) Man in the Middle ?" I read many detailed technical information about TLS handshake process...Client sends pre-master secret key, by using ...
Best Non-Tor Browsers For Privacy?
2 days agoSimply put, for moderate privacy for the average user, is there much of a difference between using Chrome with with various extensions such as uBlock, HTTPS Everywhere, Privacy Badger, and NoScript vs. FireFox or Opera with all those addons? And are usi ...
Levels of Privacy/Security of Various Browsers
2 days agoThis is two questions. For moderate privacy for the average user, is Chrome with various privacy extensions (HTTPS everywhere, uBlock, Privacy Badger, etc.) any more or less private or vulnerable than say FireFox or Opera with those same extensions? Are ...
Secure Windows 10 Machine
2 days agoTwo days ago a shady pop up was left running in the background for hours, when I returned to my computer, I had some error in the pop up window that network connection was lost from sleep. Today I woke up in the middle of the night to the sound of my com ...
Service version number detection error
2 days agoI am using Kali-linux (upto date ) ,when I do service version detection scans through Nmap the result is the version but not the version number for all ports .I tried the version detection scans individually in metasploit the same problem.
Do I need high password security if I also require a Client Certificate for validation?
2 days agoDue to an ongoing discussion in my office, I was wondering if anyone had any comments on whether password hashing security needs to be very strong if client certificate validation is also required for account verification. We use SHA-512 hashing with a r ...
Is getting intercept request of HTTPS in clear text is a bug
2 days agoI am intercepting HTTPS requests of android apps in my phone through Fiddler for pentesting purpose. I have installed fiddler certificate in my android phone, so that I can intercept HTTPS request. My question is that, I can see the HTTPS requests from a ...
Is an improperly configured HTTPS site inherently more dangerous than plain HTTP?
2 days agoI'm on Firefox 54, and I noticed a site with a bad HTTPS configuration sometimes gets a large warning page, while there is not any such page yet for plain HTTP.
Website just installed something to tor browser without my permission
2 days agoThis is an assumption, but I saw the alert 'so and so website wants to install something to tor browser'. It flashed for just a second and went away, it's probably safe to assume that my browser just got violated right?
Does ls -al definitively list all file on an external device
2 days agoIf I plug in a supposedly blank USB flash disk into my Sierra Mac computer and cd ~/Volumes/Untitled and execute ls -al will the output definitely display any and all files that could possibly exist on the device. Is this a definitive test of whether or ...
How was Lowe's website exploited to steal merchandise?
2 days agoHow was Lowe's website exploited to steal merchandise? It says they were able to order products without paying for them.
http://www.foxnews
.com/us/2017/08/16/couple
-exploited-lowes-website-
glitch-to-steal-resell-it
ems-authorities-say.html
Kimy and Ro ...
Is it safe to connect a random USB battery from a bin to my phone without stopping data transfer in some way?
2 days agoI've asked the question Power-only USB connection to charge my phone - as simple as cutting the data lines? in electronics SE. In order to bypass the "Why do you want to do this?" request for clarification, I explained. Here is the first paragraph: In ...
Password Policy
2 days agoDoes anyone know if it is possible within Active Directory to add a table of 'weak passwords' that will be banned? Looking to align password policies with the new NIST recommendations:
https:/
/pages.nist.gov/800-63-3/
Internal network address contains my name - problematic?
2 days agoIn my university, I needed to register the MAC address of my personal laptop with the admin in order to use the university network. Now, it seems like I am assigned a unique network address "lastname.university
.com", as my login prompt shows:
Last login: ...
CSR expiry date / validity date
3 days agoIf I create a CSR with openssl and set the expiration day to 5 years is it possible that the signing CA will set the expiry date to say one year ? Which one takes precedence ?
EDIT: ok, I think the answer from the post https://stackoverflow.com
/question ...
Can you find the ransomware key if you already have decrypted files?
3 days agoDisclaimer: I have very very little experience with ransomware/encryption, so I'm sorry if I ask something stupid. Ransomware attacks are all over the news, especially this year. And this got me wondering of a very typical situation in the real world: U ...
Pen drive deleted all files just by plugging in - What is it?
3 days agoA good friend of mine, very old and unskilled with computers, plugged his pen-drive on the work and, according to him, it instantly start deleting all files on the pen-drive without any window or confirmation showing up. He is more concerned of it being ...
Get Device names of surrounding WIFI devices without authentication
3 days agoI am looking to get a list of devices which are in range of my Wifi antenne (monitor mode). For example: "Tom's Iphone" I can get the MAC's of these devices, but is it possible to get the name of these devices without them actually connect to my Wifi A ...
What are the most valuable information when handling an IT security event/incident?
3 days agoI'm currently looking into reporting processes in information security and I was wondering what kind of information should be reported when an IT security event or incident occurs. The definitions of those would be (taken from ISO/IEC 27000:2016) inf ...
Can i know the origin of a whatsapp message
3 days agoi have a one message which circulated on whatsapp from different numbers. I just want to know the origin of that message.
What other security measures should I enforce for an intranet site?
3 days agoI work for a smallish company that is about to launch an intranet site that has some sensitive financial information on it. Users can only access the site from white listed ip's on the network (It's a WAN, and I've white listed them using IIS), and to log ...
How to Pass encrypted data between setter and getter
3 days agopublic String getName() { return name; } public void setName(String name) { this.name = name; }
LPORT question - I seem to not understand some concept
3 days agoHi I am studying now meterpreter, and at the beginning of my road, so don't kick me hard with the legs for this question, ok? I am trying to build a payload for inserting as an obfuscated code into word document, which will create listener on the attacke ...
Forwarding SSH from my router
3 days agoI began solving the CTF's in overthewire.org
First question in the site is:
"The host to which you need to connect is bandit.labs.overthewire.o
rg, on port 2220. The username is bandit0 and the password is bandit0."
So, to forward SSH from my router, I ...
What are the benefits and disadvantage of disabling
3 days agoWe are considering disabling TLS1.0 and TLS1.1 in the policies for a browser used organization-wide. We already have a primary browser, where >=TLS1.0 is enabled (i.e. SSLv3 is disabled). We do not know if any sites the user uses, uses Best practice is ...
Frameworks for detecting Malicious social bots
3 days agoAre there ready to use frameworks available for detecting malicious social bots? Which are these frameworks or the API's available for detecting malicious social bots? At this point of time, I do not care about programming language but I prefer a Python/ ...
How to capture all network using eth0 device
3 days agoI couldn't find an answer yet I hope its not just the way I searched google. I have a computer connected to a router via Ethernet exit. my promiscuous mode is on but I don't see other devices connected to my network in PCAPs, I only see my device and broa ...
Consume http proxy and expose a socks proxy
3 days agoIs there a tool like Polipo available that instead of converting a socks proxy to an http proxy can expose a socks frontend and then route traffic through the http proxy? It's very possible I don't understand the infrastructure behind these making this q ...
Hybrid approach toward IDS
3 days agoI want to perform intrusion detection. My idea case is to do anomaly based detection. knowing the fact that anomaly detection generates false positives, I am thinking to adopt hybrid approach. can i get a guide how to accomplish this? I have BRO/ SNORT f ...
what is the risk associated with configuration back up files
3 days agoplease share your views on the same since iam expecting the RISK associated with Configuration back up files
Is it useful to hash the password before sending to server for authentication?
3 days agoIn the design of a backend database, the password field suppose to be hashed using bcrypt.
There are two approaches
password = bcrypt(plain_passsword)
p
assword = bcrypt(sha1(plain_passwor
d)), where sha1(plain_password) is computed from the client side, ...
how to modify the hex code in the exploit to meet my computer requirements?
3 days agoI was looking into the latest exploit for windows server 2008 here https://www.exploit-db.co
m/exploits/41987/
and when I tried to modify the code to fit my need I stopped in this line:
# Shellcode TCP Reverse to 192.168.125.133 1337
reversetcp_shellco ...
How secure is commercial cloud storage compared to my private cloud storage?
3 days agoI've been wanting to determine the most secure way to store data via Cloud storage solutions. And although at first it may seem like a duplicate question, I have read all the similar ones and nothing seems to directly address this. Here are my assumption ...
what is the difference between Payload and Shell?
3 days agoI am new to penetration testing and I would like to know the differences between these two things: Payload (reverse tcp VS bind shell) Shell VS ShellCode Any help? Thanks in advance.
What is the difference between a payload and shellcode?
3 days agoI am new to penetration testing and I would like to know the differences between these two things: Payload (reverse TCP vs. bind shell) Shell vs. Shellcode Any help? Thanks in advance.
Email SPF record integrity
3 days agoI have been reviewing my company's SPF record with a number of our SAAS providers.
One service advised me to use 'include:amazonses.c
om' in my record to allow emails to be validated.
I am rather hesitant in allowing Amazon's service API to be allowed in ...
Communicating routed interfaces for Cisco ASA 5506-X
3 days agoRecently our organisation has been supplied a new ASA 5506-X to replace the old good PIX506e for a project. We have encountered a problem on routed interface on ASA 5506, which is very different from ASA 5505. We could not get the traffic passed from the ...
Independent Organizations that Audit Legal Engineering Vulnerability?
3 days agoAn example of a service that is potentially vulnerable to Legal Engineering attacks: Security.StackExchange, Apple's open letter - they can't or won't backdoor iOS?. Are there independent organizations that audit and actually verify whether a site is in ...
Can we run IDS on R-pi
3 days agoI have R-pi 2 model B, can i deploy IDS (Snort/ Bro) on it. I am following this [1] methodology. Any thoughts to proceed with this. I am short of time and need some sincere advice on how to perform intrusion detection for resource stringent nodes in IoT. ...
ATM Fraud Question
3 days agoMy neighbor had a guest that used a bank card to fraudulently purchase an iPad online from Apple. Neighbor was able to verify guest was the culprit with evidence and witnesses. There are also multiple ATM withdrawals that the neighbor did not make. Is i ...
What is the differerence between virtualization and sandboxing
3 days agoIs virtualization basically "easier" sandboxing ? Where the system calls are intercepted and rules are set out whether to allow the system call to go through or not. I believe system calls are traced to find out which application is making the calls via p ...
Where to find Google Authenticator backup codes?
3 days agoI'm slightly confused about obtaining Google Authenticator backup codes.
I can find my Google Account backup codes at:
https://myaccount.goo
gle.com/signinoptions/two
-step-verification
But have no idea if those are the ones I should use to restore Google ...