security.didici.cc
Using a spa login page for authentication in a openId connect servic
54 minutes agoI am looking to create a brand new authentication service that follows the OpenId connect protocol. I would like to use a username/password combination for the authentication and the authorization grant, I'm curious what the downsides are of adding the us ...
How to connect to TOR and then a SOCKS proxy?
6 hours agoI would like to connect to TOR first, and then utilize a SOCKS proxy at the end of the connection. This way, I can access websites that have banned TOR exit nodes.
I was following the guide here: https://www.whonix.org/wi
ki/Tunnels/Connecting_to_
Tor_befor ...
Digitizing your ID for anyone who asks
7 hours agoThis is more of a statement, having read the responses on the idiot banks and Plaid. I need to say this to even the smartest of you: NEVER, under any circumstance, copy, scan, or take a picture of your ID, and send it to ANYONE! That is the most unsecure ...
airodump-ng shows AP on negative channel
7 hours agoI am new to wifi and stuff, trying to learn pentesting with aircrack-ng suite. Any idea why airodump-ng is showing an access point with negative value -1 as channel ?? The AP seems to be hidden but I got a reasonable PWR reading , as opposed to the ones w ...
How to make sure I don't accidentally blackhole a real e-mail address?
8 hours agoEvery day, I get garbage e-mails from retarded addresses such as "[email protected]
koleji.com.tr" or "bushivddhclrrupeeea
[email protected]
".
I have streamlined the process of "blackholing" them with one click. I barely look at them anymore -- ju ...
Buffer overflow not working from different environment
8 hours agoI wrote my first buffer overflow exploit and it worked well with
./vulnerable $(cat payload)
but when I tried to launch it from a Python shell it didn't work
import os
os.system("./vuln
erable $(cat payload)")
This does a segmentation fault. Can someone ...
Buffer overflow not working from different environnement
8 hours agoI did write my first buffer overflow exploit and it worked well with
./vulnerable $(cat payload)
but when I tried to launch it from shell it didn't work
import os
os.system("./vuln
erable $(cat payload)")
this does a segmentation fault, can someone expla ...
What is the best way to store the verifyer for posession of a high entropy secret?
12 hours agoI know that password-hashing-function
s are to be used when storing password verifiers as passwords usually have low entropy. What about high-entropy secrets? Is it sufficient to hash them with a modern hashing algorithm or should I still use a password-ha ...
What is the best way to store a verifyer for posession of a high entropy secret?
12 hours agoI know that password-hashing-function
s are to be used when storing passwords as passwords usually have low entropy. What about high-entropy secrets? Is it sufficient to hash them with a modern hashing algorithm? Are there any modern standards how to appro ...
DIY: password key derivation tool using PBKDF2 / HMAC
15 hours agoFirst of all, I don't want to reinvent the wheel, just want to build my own car. Non-productive environment here, only for fun and entertainment (yes, I have strange hobbies). The goal is to use a single private (and never published) master password to cr ...
Can "Dylib Hijacking" really happen on iOS app?
15 hours agoI have a question about Dylib Hijacking.
I'm told that this vulnerability exists on Mac application.
Ref. https://www.virusbulletin
.com/virusbulletin/2015/0
3/dylib-hijacking-os-x
An
d he told me that it can also happen on iOS apps in theory.
I googled a lo ...
Construct a strong, (almost) unique password?
16 hours agoAfter reading Why use random characters in passwords? it seems to me that one can solve the problem of how to remember a zillion passwords while each one remains secure by constructing each password from a high entropy root modified by the name or other i ...
Chaning VPNs by docker
22 hours agoI want to use Lokinet over a primary vpn. So I created a docker for primary VPN called openvpn (it uses an openVPN connection) and tried: # docker run --net=container:openvpn --name lokinet --cap-add=NET_ADMIN --device=/dev/net/tun massiveboxe/lokinet:la ...
Chaining VPNs by docker
22 hours agoI want to use Lokinet over a primary vpn. So I created a docker for primary VPN called openvpn (it uses an openVPN connection) and tried: # docker run --net=container:openvpn --name lokinet --cap-add=NET_ADMIN --device=/dev/net/tun massiveboxe/lokinet:la ...
What is this .exe trying to do?
23 hours agoSomeome I used to know sent me this file with no further elaboration: https://www.virustotal.co
m/gui/file/7cf043acd7989d
6c5d54a42140291c4997da474
fd3b2209f4edd39e21bb56ae0
/summary
It shows up as non-malicious to a virus scan but there's something strange a ...
Is it really safe to pass sensitive data to another script via stdin, compared to passing via arguments (Linux)
1 day agoYes, the transfer to the script via arguments is visible through ps -ax, /proc//cmdline etc., BUT if someone has already gained access to your account from the outside (e.g. by hacking your browser) he will have no trouble looking not only ps -ax, but als ...
Is it worth reporting a vulnerability that allows me to get user OS?
1 day agoI have discovered a vulnerability on an online game that allows me to find the operating system of any user. Here's an example of the information I can get: chrome/97.0.4692;Windows 10 Is it worth reporting? How could the vulnerability possibly be escalat ...
Google Password I didn't create
1 day agoI opened Google, and a popup occurred briefly before I reflexively closed it. I then realized it had said something about a new password saved to the Google Password Manager, I think - which is weird, because I don't use Google's Password Manager. So I ...
Are you in need of Credit Solution?
1 day agoI am so happy to have consulted METRONET CREDIT SOLUTION for my credit repairs. I discovered that I had 5 negative items on my credit most especially IRS, delayed payments and loans and over 7 hard inquiries from every bureaus and it hindered me from movi ...
Does this hash have a name?
1 day agoI know this hash is not secure, but does this have a name? Here's the flow Create a character array with "Hello, World!" Create an empty integer with 0 For each character in the array, increment the empty integer by the ascii value of the character Th ...
Privacy - If I get a new IP from my ISP (home network), can websites infer the new IP is me?
1 day agoLet's say I am a member of a website. I always sign in from computer A, which is not linked at all with computer B, and I have always signed in from my home network. Now let's say my ISP releases the old IP, and I'm given a new one (still using the same m ...
Can POST request be changed in a HTTPS website?
1 day agoI am trying to develop a website where I grab data using javascript and send it to PHP using ajax post. However, while researching, I found that the POST request can be modified using third-parties software such as Postman (I believe). However, if I use a ...
Floss and many tools not detecting cyrillic strings in binary
1 day agoI am practicing some malware detection basics and it has caught my attention that the Cyrillic alphabet is not detected by practically any traditional string detection tool. Source Code while (strcmp(password, user_input) != 0) { printf("Guess the ...
How does this scam email from a seemingly legit domain work?
1 day agoI received a strange email from [email protected]
. Sources on the internet seem to state that this is a Facebook-owned domain but I know the email is not legit because they do not address me by my first name, but instead by my email address. Also, ...
Prove Private Key came from Apple Secure Enclave
1 day agoWith TPM 2.0, it's possible to prove that the private key of an asymmetric key pair came from a TPM device (and thus is effectively inaccessible). Is this possible with Apple's Secure Enclave on macOS?
Heap overflow - strcpy() on x86_64 (64bit)
1 day agoDescription Hi, I'm stucked at the Heap1 challenge from Exploit Education. After compile the source code in a 64bits system, without any security mechanism I try to overflow the heap in order to overwrite the main return address on the stack to control ...
Does the HTTP status code 302 guarantee no other content from the same domain was loaded/ran?
1 day agoDoes receiving the HTTP 302 status code from a domain A guarantee in any shape or form that there was no JavaScript ran or any additional content (external or not) loaded from that domain A? The hypothetical scenario where this might be useful to an attac ...
Does the HTTP status code 302 guarantee no other content was served as part of the same HTTP response?
1 day agoDoes receiving the HTTP 302 status code from a domain A guarantee in any shape or form that there was no JavaScript ran or any additional content (external or not) loaded from that domain A? The hypothetical scenario where this might be useful to an attac ...
Dissertation Project - Security and Forensics
1 day agoI'm brainstorming ideas for dissertation projects for my course of Cyber Security and Forensics. I'm looking to reach out to the active security community for inspiration on current developments in the cyber security industry and suggest a topic of study ...
Is log4j-over-slf4j vulnerable to log4shell?
1 day agoOn my server, I looked at all files containing log4j, and I only have an log4j-over-slf4j jar file. SLF4J's page about log4shell states the following: If you are using log4j-over-slf4j.jar in conjunction with the SLF4J API, you are safe unless the underl ...
Does MacOS Filevault + Mac hardware obviate lengthy login passwords?
1 day agoTake the combination of an encrypted disk with a secure enclave chip that protects a Key Encryption Key and throttles or prevents too many password guesses. Seems to me that this should be capable of defeating brute force attacks against relatively short ...
What are the pros and cons of encryption software from the hard disk manufacturer?
1 day agoI usually use Veracrypt (and in the past Truecrypt) to secure my external hard drive. I've always been taught to stick to such open-source software for my disk encryption needs, since it can be verified to be doing what it claims and the open-source commu ...
Impact of setting allowUrlEncodedPercent to true in StrictHttpFirewall
1 day agoI need to implement a public REST API that manipulates usernames. So I have an endpoint that looks like GET http://.../api/users/ where username can contain special characters (slashes, percents...) that are URL encoded (e.g. if my username is en/johndo ...
Is it possible that if you have a private account on instagram, a hacker still can have your photos?
1 day agoIs it possible that if you have a private account on instagram, a hacker still can have your photos?
Red Hat Password Security Settings(/etc/pam.d/syste
m-auth, /etc/login/defs)
2 days agoI'm doing Red Hat (RHEL 6.5) security settings.
If I set up the two files as shown below, is there no security effect on each other?
/etc/pam.d/system
-auth
password requisite pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
...
ROP-Attack on picoCTF challenge
2 days agoI was trying to solve the picoCTF challenge filtered-shellcode. I started by trying to get the base-address of the libc library and executing system or execve. Important to note is that you can only use 2 Byte assembler commands, since the input will be f ...
Asymmetric encryption of very small messages
2 days agoI am working on an application which has a requirement to send very small messages (
Auditing only a specific syscall on linux
2 days ago"anyátok picsája. Nem tudom, miért nem hagyta beküldeni amit írtam, de már nagyon teli a tököm ezzel a nyomorult oldallal"
aws api gateway - usage plan rate limiting vs WAF rate rule
2 days agoIf an api in aws api-gateway has a rate-limiting usage plan and a Web ACL WAF rate rule, which will be applied first? Does a WAF rate rule provide additional protection that kicks in before the usage plan?
importing private key stub from piv card into gpg on another pc
2 days agoSorry for puzzling terminology, I'm very new to field and it's really hard to me to orient in these new things. I don't want to private key to lay around on my hdd, so I got myself yubikey, and followed this link: so I setup pins (gpg --change-pin), setup ...
How secure is the Android Keychain
2 days agoI have been able to understand the Android KeyChain API via this link. However, I want to ask how secure this API is, on the Android OS, the KeyStore is available on a cryptographic scale, but I would love an insight to the level of strength vs potential ...
Homepage shows as not secure until I reload it
2 days agoWhen I start my browser (e.g. Chrome, but I had the same behaviour also in a different browser in the past) and enter something in the address bar (not a URL but a word for example) then it redirects me to the Google search for this word. In these cases t ...
Can an authenticator app count as "something you have" and the code to open it as "something you know" for 2FA?
2 days agoIn Denmark, the current digital identification/authentica
tion solution for pretty much any online contact with the municipality, state, etc. is being switched over to a setup consisting of the following steps:
You enter your username on the site where y ...
Does the new Danish authentication solution for online contact with municipality etc. genuinely use 2FA?
2 days agoIn Denmark, the current digital identification/authentica
tion solution for pretty much any online contact with the municipality, state, etc. is being switched over to a setup consisting of the following steps:
You enter your username on the site where y ...
Apps used by malware analyst, network engineers
2 days agoI have Been studying cyber security and have done labs for this and I have come across Nmap, Zenmap, Wireshark software. To all the malware analyst and network engineers out there, how often are these kinds of software are used in your work? Daily? Just w ...
CSRF and XSS Protection with a Static Site and REST API
3 days agoI'm building an application which will support both browser and application access to REST resources. Applications will POST a username/password JSON body to a login endpoint which will return a signed JWT token in the response body. This token will be s ...
What is the advantage of AES key warp as opposed to adding a random nonce?
3 days agoI'm interested in methods of wrapping an AES DEK (Data Encryption Key) using AES KEK (Key Encryption Key). Is there an advantage to using AES key wrap (rfc3394) as opposed to simply adding a random nonce to the DEK before encrypting it? Context: My KEK i ...
Is using VPN more secured when working remotly? Is using VPN more secure when working at the office?
3 days agoI'm new to the company I work in. This company advise me to connect to the internet using a VPN when I work remotely, but also when I work in the office. I've been told it is for security reasons. I am bewildered! Why is it more secure to do so? Is there ...
Beginner in this new world
3 days agoHow to start learning To code, operate and set up Kali linux I just know basics of c++, c, and java I am really curious to learn more about it not only kali linux I want to become the best coder I am a student
Norton Antivirus, a bit late on flagging my exe?
3 days agoI am currently just practicing some C coding and thus I am making .exe files. I have run this specific file multiple times, but only after adding a second function was it flagged. Below is the output in cmd Norton only blocked it after adding the lines w ...
Can two antivirus softwares work on one android phone?
3 days agoScenario: You have one antivirus installed on your phone. You suspect that your phone might have malware on it so you do a system scan and your AV doesn't find anything. So you decide to download another AV to see if it finds something on your system. You ...
How to permanently remove DDE Exploit:O97M/DDEDownloade
r.C and where did it come from?
3 days agoStarting yesterday windows defender has found and quarantined 5 copies (see pic 1) of the following threat Exploit:O97M/DDEDownloade
r.C see here.
I tried contacting Microsoft tech support but they were not helpful at all. The guy just said to let windows ...
How to permanently remove DDE Exploit:O97M/DDEDownloade
r.C? Do I need to nuke my computer? Is it safe to not do so? [duplicate]
3 days ago1Starting yesterday windows defender has found and quarantined 5 copies (pic 1) of the following threat (pic2) Exploit:O97M/DDEDownloade
r.C see here.
I tried contacting Microsoft tech support but they were not helpful at all. The guy just said to let wind ...
What would be the best way to mitigate Azure Application Gateway WAF False Positive?
3 days agoWe have a Web API which uses the REST semantics and is protected using the Azure's Application Gateway using a Web Application Firewall. The Web App consuming this API can send in any type of data in a JSON format but what is happening is that some string ...
need help decoding [duplicate]
3 days agoi am trying to decode this data but have no idea where to start. any help would be greatly appreciated
4,2,93eba2404
abd4eaca468c828178cf3af,B
005,167c5351,16852f43,27c
,0,l6VERmVDGmY/YdIbPo5lUO
Dp418=
4,2,2700638c948c41
bb9c0a660b97571a3d,B005,1
67318d7,167bf4 ...
How does TLS use hashing from the negotiated cipher suite
3 days agoI am trying to understand why TLS only uses hashing algorithm like SHA-384 instead of using an HMAC instance like HMAC-SHA-384.
If I understand correctly, this cipher suite (ECDHE_ECDSA_WITH_AES_128
_GCM_SHA256) means:
It uses Elliptic Curve Diffie-Hellma ...
Can Firefox master password dialog be used for phishing my master password?
3 days agoI have used master password to protect my login information in Firefox. Whenever I first start Firefox and open a page requiring authentication information Firefox asks my master password before filling authentication information to the login page. I rece ...
How Is your Credit Score?
3 days agoI consigned a mortgage loan with my son six years ago. We live in two different states. The original loan was bought by another lender a year ago. No late payments until this past October and November, when I checked my credit report for December, it show ...
Why do we need to connect to a network to be able to read all packets while packet sniffing?
3 days agoI can't understand much about packet sniffing operation when it's in a network. Well, packets are encrypted with PTK to prevent sniffing from monitor mode but when we are in client mode and we connected to a network, we were able to read those packets onl ...
What are the advantages of using SiriKali vs something like Veracrypt?
4 days agoSo what are the advantages of using SiriKali vs. something like Veracrypt. They both essentially do the same thing correct. I assume Veracrypt would be more secure. What are the differences between the two. I know they use different encryption methods ...
Issue with John the ripper with new version of kali
4 days agoI have just installed the most recent version of Kali Linux and I am using john the ripper (version 1.9.0-jumbo) to crack passwords in shadow. I have followed the following tutorial cracking linux passwords and get the following output. kali㉿kali$ sudo ...
Javascript based attacks when not having JIT
4 days agoSome browsers like Chromium and recently Edge have a flag to disable JIT. What attacks/threats does this protect against and what JS based attacks are not prevented?
(HTA language) malware dropper uses "^" character in syntax of cmd.exe before calling mshta.exe to download file?
4 days agoI found a malicious excel file that was using an embedded HTA program as its dropper to download a powershell program from a malicious IP. The dropper was on a hidden sheet in the file. After reviewing the output in the sandbox I found that the syntax in ...
Malware dropper uses "^" character in syntax of cmd.exe before calling mshta.exe to download file?
4 days agoI found a malicious Excel file that was using an embedded HTA program as its dropper to download a powershell program from a malicious IP. The dropper was on a hidden sheet in the file. After reviewing the output in the sandbox I found that the syntax in ...
How safe is my data on the GitHub
4 days agoA hypothetical general question. I wondering about the integrity of data on the Github account. Suppose one uploads (carelessly or purposefully) a file with a malicious payload to the account (some pdf document, picture, etc.). Could this payload somehow ...
Infecting files on GitHub
4 days agoSuppose one uploads (carelessly or purposefully) a file with a malicious payload to their Github account (some pdf document, picture, etc.). Could this payload somehow be executed on the Github servers (through preview or alike) and corrupt (infect) any o ...
Renewing a CSRF token (as reported by the client) upon reauthenticating
4 days agoRelevant (unanswered) questions I've asked on StackOverflow:
https://s
tackoverflow.com/question
s/70703895/securely-renew
ing-a-session-without-jav
ascript-and-without-break
ing-csrf-protect
https://
stackoverflow.com/questio
ns/70713661/is-it-a-secur
ity-conce ...
Looking for a solution: trusted identity with corresponding digital signatures (QES) for intercontinental charity
4 days agoWe are looking for a solution to meet the needs of a UK incorporated charity (CIO) that has three to seven trustees from at least three continents. Obligations as trustees of a board include signing (by a quorum of the trustees): minutes of trustee meeti ...
Does having no 'if' blocks in code mitigate side-channel attacks?
4 days agoLooking through descriptions of Spectre and Meltdown it seems that speculative execution - the basis for these attacks - occurs only with branched code. Therefore, it seems logical to conclude that having no if statements would preclude speculative execut ...
signing of software/firmware for authenticity and integrity checks [closed]
4 days agoAre there any guidelines for making use of attached signature and detached signatures? Are both of these governed by IETF standards? What are the pros and cons of these two formats? I came across enveloping signature and enveloped signature? Is this limit ...
Code signing for authenticity and integrity checks
4 days agoAre there any guidelines for making use of attached signature and detached signatures? Are both of these governed by IETF standards? What are the pros and cons of these two formats? I came across enveloping signature and enveloped signature? Is this limit ...
How to just decrypt the raw contents and not verify the signature?
4 days agoI have received a PGP signed and encrypted email. As far as I know, the message body is first signed, then the resulting message body is encrypted (at least that's how it works for S/MIME). Now I want to decrypt the email, so I can see the signature part. ...
Encrypting card data at application layer over TLS(MasterCard)
4 days agoI found a article from mastercard's blog stating that, But PCI DSS compliance only says the following, (i.e) Sensitive information transmitted in untrusted/public network needs encryption, which is satisfied by TLS. Even if data should encrypted inside ...
Encrypting card data at application layer over TLS (MasterCard)
4 days agoI found an article from MasterCard's blog stating: The transport between client applications and Mastercard is secured using TLS/SSL, which means data are encrypted by default when transmitted across networks. In addition to that, some of our services im ...
What does leak in memory/info leaks?
4 days agoWhen a binary is running and there is some memory/info leak are there areas of program (or OS?) memory which are more prone to leak and is a leak in one segment worse than in another segment?
Can anti-CSRF Token prevent HTTP Request Smuggling?
4 days agoWhat is the easiest way to prevent HTTP Request Smuggling ? Can Anti-CSRF tokens prevent the server from processing the smuggled request? OR HTTP request smuggling is possible irrespective of any session id, cookie or token because back-end and front-end ...
Simplifying HTTP Error Codes
4 days agoI'm working on a REST API endpoint where we only accept requests from certain domain names. Whitelisting. A dev I'm working with recommended that we return HTTP 400 instead of HTTP 403 if the incoming IP address is not whitelisted. They said it was becaus ...
Obfuscating HTTP Error Codes
4 days agoI'm working on a REST API endpoint where we only accept requests from certain domain names. Whitelisting. A dev I'm working with recommended that we return HTTP 400 instead of HTTP 403 if the incoming IP address is not whitelisted. They said it was becaus ...
No secret key found
5 days agoI am using gpg4win 3.1.15 in Kleopatra and I can encrypt my own messages as well as decrypt them without any difficulty. However, when I try to decrypt some elses messages I receive an gpg error that the decryption failed due to no secret key found. I k ...
Is encryption worth it?
5 days agoFrom the way I understand it, at-rest encryption is used to protect data when it's being stored at a datacenter so that if someone manages to get data they shouldn't have, they don't have anything useful. But regardless of what type of encryption is being ...
Is at-rest encryption worth it if the key has to be kept accessible for decryption?
5 days agoFrom the way I understand it, at-rest encryption is used to protect data when it's being stored at a datacenter so that if someone manages to get data they shouldn't have, they don't have anything useful. But regardless of what type of encryption is being ...
Will setting up an installation on an SD card in this way prevent changes to the operating system?
5 days agoI want to set up an SBC, e.g. Raspberry Pi, Banana Pi, to work as close as possible to a computer running a Live Distro. I'm intending to use this to inspect suspicious or infected storage drives and view their contents. I'm not necessarily looking to do ...
SSL error when using curl with only trusted root certificate but server is already returning full certificate chain
5 days agoMy SSL server uses the following certificate setup: leaf -> intermediate -> root (trusted ca). I have verified using openssl that it's returning both leaf and intermediate certificate (at least I think it does): $ openssl s_client -showcerts -connect CO ...
I find the e-mail (as method of message exchange) convoluted and easy to break
5 days agoI am very well aware of the reason that e-mail is such a nightmare/mess today, in so many ways. This is not what I'm asking about. I'm wondering why it was originally decided to make e-mail so convoluted. Just to make one simple and obvious example: When ...
Why did they *originally* make e-mail so convoluted and easy to break?
5 days agoI am very well aware of the reason that e-mail is such a nightmare/mess today, in so many ways. This is not what I'm asking about. I'm wondering why it was originally decided to make e-mail so convoluted. Just to make one simple and obvious example: When ...
Phishing? All websites show the same, wrong certificate
5 days agotoday I went to my Online-Banking by typing in the correct domain name in Firefox. I could login and even see my actual balance. Then within the site a warning appeared that I should do a test-transfere for security reasons (over 7200€...). I didn't do ...
create a fake ssl certificate
5 days agoSay I create a certificate with some content and then sign it with my private key. Now, I decrypt the sign with a trusted CA's public key and somehow come up with content that can match the decrypted value and use this content to replace the initial cont ...
How advanced would spyware for android have to be in order to remain hidden from antivirus?
5 days agoI asked a similar question before but it wasn't good. What I want to know is what kind of spyware would have to be used so it can remain hidden from antivirus? Can anybody get their hands on such spyware by digging through the internet or can they create ...
Can I trust the http Host header in this context
5 days agoI have a microcontroller, connected to my WLAN, that hosts a tiny web server. I can reach the http server via 2 ways : either via a domain (admin.example.com) which acts as a reverse proxy to the ip of the microcontroller. or via the software enabled acc ...
How to MITM an http website without infiltrating any infrastructure?
5 days agoThere's a certain website designed so that junior QAs learn to find bugs. Trouble is: it's http:// there's no IP filtering users are very junior so they use their real names as user names and probably reuse their only password. I do not intend to attack ...
Sign-up/Login/Password reset - Is this a good and secure solution?
5 days agoI'm working with a dev agency for a web-based platform. Here is how they are planning to handle sign-ups on the platform as well as log-in and password reset.
Is it a good, robust and secure solution?
Thanks,
Registr
ation:
We use library ‘crypto’ and ...
Why is it not a good idea to simply encrypt the plaintext with the receiver’s public key? [duplicate]
5 days agoIf, I am encrypting the contents of a file, and I encrypt the key, and embed this into the file. I can use my private key, to decrypt, something that has been encrypted with the public key. What are some of the risks when, encrypting "plaintext" with a re ...
HTTP with encrypted message vs HTTPS
5 days agoA bit of background: I am a web developer and sometimes i integrate some form of external API in my web applications. It's the second time already that i find something strange: some APIs instead of accepting messages through HTTPS, require that i send th ...
Does the browser reuse the SSL negotiation process (and/or the tcp connection) for additional resources?
5 days agoIf a script tag https://domain.com/script
.js is loaded to a website, and then in this script there are additional calls to the same domain, such as an AJAX (xhr) request to https://domain.com/anothe
r-resource, will the browser do the SSL negotiation proce ...
Reliable online credit card number and bank account number checker?
5 days agoCan anyone please suggest me of a reliable online credit card number and bank account number checker? for context - I had taken sample cc data from internet to test the accuracy of data discovery tools like AWS Macie and BigID, test results weren't accura ...
TPM vs TCM - InTune and BitLcoker compliance in China
5 days agoIt appears that TPM is banned in China, therefore, Dell laptops shipped to China are equipped with TCM chips instead of TPM. How secure is TCM? gov backdoors? Wondering how does if devices with TCM are InTune & BitLocker compatible
Firefox unable load websites and it keep doing so after certain amount of time
5 days agoToday I turn on my firefox and something weird is going on, it can't load any website, I try to restart it/restart pc nothing works, other web browsers are fine, finally I flushed DNS and it started to work correctly. I know there are a lot of guides on h ...
What's the point of blocking third party cookies in incognito?
5 days agoWhen using incognito, any data will be cleared when the session is closed. Then why do browsers have the option to disable them?
How effective are antivirus on android for detecting spyware/stalkerware?
6 days agoAre antivirus capable of detecting self made spyware and spyware that you can buy like those marketed as child monitoring apps? I know that there is spyware that cant be detected but that kind of stuff is made by companies like NSO group and they target p ...
Experience with CISA Cyber Assessments free service?
6 days agoMy business is looking into hardening our cyber security. In doing research on what resources are available to us I discovered the CISA Cyber Hygiene services. Does anyone have any experience with using their services? I can't find very much information a ...