security.didici.cc

Why do services that use 2-factor authentication still ask you to provide a password?

1 hour ago

The idea of 2 factor authentication is that if you can prove that you have both a password and a device, you are trusted to be who you say you are. My question is, why does the service still ask you for the password, instead of just asking you to prove th ...

Why is it unsafe to use a password that exists online?

2 hours ago

I recently saw a post on StackExchange (which I can't find anymore) asking why something that appeared to be a random string of characters was a bad password. One of the answers was that it already exists on a website so you can Google it by just searchin ...

When is OAuth1 preferred over OAuth2

2 hours ago

Scenario: I need to build a new API for a third party company who are building a tool to capture information of new users wishing to create accounts on our enterprise platform. -x- My preferred solution: API to be secured with OAuth2.0 client_credenti ...

Can my computer get hacked if I use a local server for development only? For example Wamp

3 hours ago

So if I use a software like Wamp to test and develop my PHP websites, can someone access my computer and steal data or view my in-development websites, or even hack my computer?

Aireplay-ng causes connection issues

5 hours ago

I recently got myself a router to experiment with wireless security. I'm using the aircrack-ng suite to collect IVs with the goal of cracking the key. As part of the process, I'm using the following to perform an ARP replay attack: aireplay-ng -3 -e -h ...

Are EMV terminals required to support offline PIN as well as online PIN in US market?

6 hours ago

It is my understanding that in the US 100% of EMV transactions (contact and contactless) are expected to be performed online. If so, why would a payment gateway be requiring a US terminal to support offline PIN (if online is offered) for CVM?

How do I direct a question to DDG from Siri w/out google removing the exclamation point?

6 hours ago

How to keep searches more private using Ddg w/out somehow getting redirected to the app or extension?

Get real e-mail sender to circumvent spoofing

6 hours ago

I've posted this originally on SO, but it may as well be for here. As you know, with many e-mail services, you can get tricked into believing an e-mail has been sent from a different address. Using smtplib in Python, you can easily do the trick by manip ...

NAC bypass with MAC spoofing

6 hours ago

I just started my job as a penetration tester. Me and my mentor got to the client's office and our first order of business was to bypass the NAC system. Searching for a printer or other similar devices was our first priority, so eventually, the network g ...

Regarding Union Bounds and Probability of Events

7 hours ago

This is somewhat of a math question as well but part of a Cryptography course I'm working through online. The course covers vulnerabilities when dealing with non-uniform distributions among events and being able to evaluate the probability of these even ...

An authentication protocol to prevent phishing & solve the problem of password reuse?

7 hours ago

When writing about best practices for authentication, I find that today's best practices still leave gaping holes in security, specifically not solving the problem of password reuse by users - websites are currently sent the user's input which means they ...

Can I spoof a specific AP of a network?

8 hours ago

My college wifi requires a certificate installation and also is very unreliable. Therefore, I prefer using my mobile data when I am on campus. But the college has its own app for attendance taking and the app requires a connection to campus wifi (SSID:edu ...

How to determine TLS traffic in snort signature

9 hours ago

I am trying to have a snort signature that can detect encrypted traffic but I am not able to determine the TLS traffic using a snort signature. The content keyword search in the payload of the packet, I need to search on the header information of the pac ...

How to compute the syndrome polynomial? BCH code

10 hours ago

I have BCH cyclic code like that: B = BCH(7) of length $15 = 2^4 - 1$. $\mathbb{F}_{16} = \mathbb{F}_2[x]/(x^4 + x + 1)$, $\alpha \in \mathbb{F}_{16}$ is primitive. Then $\alpha, \alpha^2, \alpha^3, \alpha^4, \alpha^5, \alpha^6$ are among the roots of B. The cyclotomic classes of 2 mod 15 that we need are $C_1 = \{$ ...

How do universities and schools securely sync passwords between multiple services?

10 hours ago

I'm a student and it seems every school or university I have been to has one password that you set for your user account for logging in to university services, which is also then synced to external services the university use such as blackboard, fronter, ...

Windows feature that stores specific data about applications run to help them start faster?

11 hours ago

Do you know of a Windows feature that stores specific data about applications run to help them start faster? Asking because a forensics challenge I'm attempting to do had that as a hint to find the most recently run executable. Can I get any help?

I injected my payload into a legit app and the app doesn't run in the background. How can I do the same so that it runs regularly at regular intervals

13 hours ago

I injected my payload into a legit app and the app doesn't run in the background. How can I do the same so that it runs regularly at regular intervals. This is the original code of the payload to run at 20 seconds. !/bin/bash while : do am start --user 0 -a an ...

Use GPG smartcard and gpg-agent to protect multiple SSH keys

13 hours ago

I have a Yubikey acting as a GPG smartcard. SSH is configured to use the smart card socket for authentication, and authenticating with the GPG key with Authentication capabilities work fine. ssh-add -l 2048 SHA256:ey5VPl70RKvXSdaon6ugxiO1ZrzqxJwz7VWZM7zv ...

How does the optional "e-mail password reset" at sync.com work?

14 hours ago

Sync.com proudly advertise that the company can't access your data but they do provide an optional email-based password reset. Most cloud storage providers differ from Sync because they can access, scan and read your files. Sync's end-to-end encrypt ...

SQL Servers UNION query-based SQL injection

16 hours ago

How should I respond when I see an ongoing UNION query-based SQL injection? I know the source and destination IP addresses; what can I do, block the source IP? I need this for study purposes. Thank you

Difference in Results: a Query to DuckDuckGo and the Same Query to Google.com

19 hours ago

Why? FAQ does not adequately cover: Result based on “Amanpour and friends Brexit:” Using DuckDuckGo: —————— #1 Result From DuckDuckGo: “Leftist Shill TRAITOR WITCH, Christiane Amanpour on BREXIT” (Propaganda)[2016] https://www.yout ...

network issue after using macchanger. no internet, no ipv4

19 hours ago

So I used macchanger with these commands: sudo ifconfig eth0 down sudo macchanger -r eth0 sudo ifconfig eth0 up I never had an issue with that before, however now once I do that I lose internet. ifconfig shows no ipv4 for eth0, restarting network-manag ...

Why lsadump is not working?

20 hours ago

I have a shell with root privileges, and I invoke mimikatz in it by using load kiwi in meterpreter shell. Now the problem I am facing is, I can't get the positive results. When I run this lsadump::lsa /patch then I got this information. RID : 000001f4 ...

XMAS Scan vs Inverse TCP

21 hours ago

Whats the difference between a XMAS Tree scan and an Inverse TCP scan using the FIN, URG, and PSH flags? Are they the same thing? XMAS Tree scans are designed to manipulate the PSH, URG and FIN flags of the TCP header. The Inverse TCP scan uses TCP probe ...

Get all active ASP.NET Session ID's as an attacker

22 hours ago

When a user logs into my ASP.NET application an ASP.NET_SessionId is assigned to them. This means that, potentially, an attacker could impersonate a user by using their SessionId in requests (sending the id as a cookie). I know it is possible to get them ...

Hacked aiming xgirlfreind

1 day ago

All my info gets changed. I'm also getting messages from an old Facebook I don't even have access to. At one point I supposedly won money and I was in a conversation and a third person joined in from my account. I'm so annoyed, but what can I do to get proof if I'm pr ...

Why is Veracrypt showing 2 created partitions?

1 day ago

I wiped my 1TB Samsung 850 Evo SSD and I just used veracrypt to perform full disk encryption with it. I have another HDD drive as well that I've done this with. The HDD is sdb, and the EVO is sdc. The results look like the following. For some reason t ...

Is a Password secure if I change one letter?

1 day ago

If I use a long password (64 characters), which is written on paper and its encrypted content never sees the internet (veracrypt volume), would a secondary volume with the same password, but one letter changed a) compromise the password itself? b) compr ...

Confused about GitHub's GPG key association and authenticity

1 day ago

I'm not sure I understand GPG, and something on GitHub has left me wondering. In git, a GPG private key can then be used to sign commits, which allows someone who is in possession of the public key of the committer to verify the signature. If they know t ...

how to exploit file upload functionality

1 day ago

I'm pentesting a website, where I'm testing an upload functionality and it only accepts pdf files and when we visit the url where the file gets uploaded it shows a download prompt instead of any content. So I was able to bypass it and I upload an html file ...

Can my machine be compromised if I use an outdated application and the input data is trusted?

1 day ago

Suppose I decide to use an outdated application for some reason: maybe I can't update it for compatibility reasons, or updates are not provided in the official repositories I use, or maybe I just don't feel like upgrading it because it just works and I se ...

Why check your email in haveibeenpwned rather than regularly changing your password regardless of any leaks?

1 day ago

There's a lot of news right now about haveibeenpwned but I don't understand why people need a service like that in first place. If you're a security conscious user, you'd change your passwords regularly on any website that matters (banking, email, paid se ...

What are the best tools to programate a Metasploit module?

1 day ago

I am developing my first Metasploit module. I read the starting page and no tools are mentioned to build a beautiful environment. At the moment, I use gedit to develop my module on Kali Linux. The problem is I am obligated to read the documentation man ...

What are the best tools to make a perfect environment to develop a Metasploit module?

1 day ago

I am developing my first Metasploit module. I read the starting page and no tools are mentioned to build a beautiful environment. At the moment, I use gedit to develop my module on Kali Linux. The problem is I am obligated to read the documentation man ...

What should a secure passphrase look like?

1 day ago

We all know that passwords should not only be randomly generated, but also look random. The reason is that attackers can use patterns or existing words to be able to bruteforce the passwords faster, so a randomly generated password that (by pure chance) l ...

How to launch a Metasploit module with arguments in just one command

1 day ago

I am developing my first Metasploit module on Metasploit v5.0.1. I would like to launch my own module in one command with args and not using meterpreter. At this time, I launch my module with these commands: ./msf use evasion/windows/MyModule set paylo ...

How does an antivirus flag homemade malware?

1 day ago

Say I made some malware in python or c# or whatever language, How would an antivirus detect that the program has malicious intent because how does the antivirus know that the program is malicious since it isn't known on its database to have malicious purp ...

How fill up a gig interface bandwidth with hping3?

1 day ago

I've been trying to test our software against DOS attacks. So, I used 'HPing3' but it just fills up 10-11M of my interface's bandwidth! I ran the tool 40 times, I mean 40 hping3 processes, unfortunately nothing changed in my interface's bandwidth! Well, ...

How do i extract data from response and use it in url for next request in Burp Intruder?

1 day ago

URL = https://www.example.com/send?session=abcabcabc when above url is requested, a response comes with < a > tag which contains new url with different session value like: https://www.example.com/send?session=xyzxyzxyz as you can notice, session value h ...

Calculating HMAC

1 day ago

I've been trying to learn how HMAC is calculated but seem to be missing something. According to this wiki page, calling HMAC-SHA1 on an empty key and message should result in a value of "fbdb1d1b18aa6c08324b7d64b71fb76370690e1d". I've confirmed it with: ...

How to interpret unicornscan output? [on hold]

1 day ago

I used unicornscan to scan a website's ports: unicornscan -v -I -mT ***.91.31.1 Output: TCP open ***.91.31.1:22 ttl 64 TCP open ***.91.31.1:53 ttl 64 TCP open ***.91.31.1:80 ttl 64 TCP open ***.91.31.1:443 ttl 64 sender statistics 268.8 pps with 3 ...

How does key exchange work? Using symmetric algorithm such as AES

1 day ago

I was wondering how does the sender give the encrypted file and the key to the receiver securely? Particularly on situations where the sender doesn't meet with the receiver (through email or through flash drive). What form or file form does the key look li ...

Is a md5 actually unable to be reversed?

1 day ago

If a md5 is one way and supposedly unable to be reversed why do we still have large data breaches with user names and passwords. Are these companies storing passwords in plain text?

Is SQL Injection Possible without double and single quotes?

1 day ago

Let's assume we're building a SQL query like this: SELECT * FROM users WHERE username = 'Username' AND password='password' If we blocked the characters (") and ('), will an attacker be able to hack into it at all? Here's my regex statement /[\"\']/ and if ...

Are there researches about the anonymity friendliness of distributed version control systems?

1 day ago

This question may qualify as wiki, because it is a bit broad. I accidentally discovered that fossil repositories, that are in fact sqlite databases, may contain sensitive data. I opened a repo database file and noticed that the rcvfrom table has an ipad ...

What considerations are there for using USB WiFI adapters and how to protect against them?

1 day ago

Often with older machines, the built-in WiFi adapters have failed. These in turn drive a demand to procure USB WiFi adapters since ethernet connectivity is not a choice. Since the devices will be plugged into a USB port, what are the security considerat ...

How to calculate Public Key exponent if I have p, q, Dp, Dq, QInv?

1 day ago

I have a private key components p, q, Dp, Dq, and QInv. I need to calculate the public key modulus and exponent. Modulus was super simple p*q, but exponent I can't figure out. Have searched all the articles and often found how to go opposite way - generat ...

Why does windows defender scan my computer multiple times

1 day ago

Occasionally, Windows Defender sends me a notification that my device was scanned. This occurrence is quite ordinary and boring, but I actually devoted two seconds to reading the entire message once, and it says it scanned my device x times. For example, ...

Secret conversation identity key

1 day ago

On my messenger I have one encrypted key code. On the messenger that I and my husband share there are three encrypted keys. What is this mean? And do you receive a new key identity each time you begin a secret conversation?

Does MathML pose a security risk?

1 day ago

MathML seems like a promising and attractive technology. But Google Chrome doesn't support it, allegedly because it has "architectural security issues" according to this Wikipedia page. But it also says "low usage do not justify their engineering time". It s ...

Why do people say Ruby on Rails is inherently insecure?

2 days ago

Why do people say ruby on rails is inherently insecure, bad, and slow?

Does red-teaming encompass the entire skillset of a blue-teamer?

2 days ago

Currently I am potentially facing impostor syndrome in regards to the role and skillset of blue team members (defence) and red team members (attack). I personally specialise in defence capabilities, such as secure system design, secure programming, secur ...

Allow user to export data, what about security?

2 days ago

We developers of course try to create the most secure (web) application out there that will not be hacked. While we already know it's impossible to know for certain that your application is secure, we at least do our best effort. By choosing one of the b ...

How to fix WordPress CVE vulnerabilities or preventive measures?

2 days ago

I have a WordPress site running on version 4.9.8. In the recent security audit done by the organization following issues were reported. 1) Wordpress: CVE-2017-1000600: Input Validation vulnerability in thumbnail processing can result in remote code execu ...

Why robots.txt sometimes work sometimes not?

2 days ago

I am new to penetration testing. With sites, sometimes robots.txt works and sometimes it shows an error?

SSH-1 key length

2 days ago

What is the maximum size in bits of one SSH-1 key? 4096? I found some docs where this value is listed and others without limit

Many websites allow passwords equal to username or e-mail address. Is this not a security risk?

2 days ago

I'm currently testing password policies on websites to get a feeling for what might be an acceptable policy/trade-off that provides good protection for our users without frustrating them. I was surprised to find out that each and every website I tested a ...

Unexpected text pasted into Excel out of nowhere - hacked?

2 days ago

While I was working in Excel, the following text appeared: 108.162.221.65 162.158.75.124 172.68.78.28 162.158.75.124 They are Cloudflare IP addresses that I hadn't copied. My first thought was, what if someone had hacked my Mac and I pasted from their ...

Are there password managers that support a mobile app that returns a password based on a photographed bar code?

2 days ago

The company I'm working for has to manage the passwords of thousands of OT devices. Technicians out in the field must be able to retrieve the passwords that belong to a given OT device in a simple way. Our idea was to label each OT device with one (or mo ...

Should ports be visible to nmap?

2 days ago

I'm currently working on the firewall when I discovered that the firewall exposes a lot of ports outside of the internal network. I discovered this when setting up a new FTP server using a basic nmap scan of the FTP-server. The scan reveals more than a ...

What are the security implications of not using Intel SGX's launch token?

2 days ago

I am currently experimenting with Intel SGX and didn't really understand what the security implications of not using the launch token would be and would appreciate to better understand the rationale behind why Intel implemented it and what the consequence ...

Threat Hunting Observations : Basic Scoring Jupyter Notebook for Running processes on Windows Operating Systems

2 days ago

I am trying to create a scoring Jupyter Notebook created for Windows Processes and I was wondering about what information would I exactly need to generate a basic Score for each process running on a Windows Machine. For the information retrieval I will b ...

Is there any advantage to combining a hash algorithm with a key-derivation function?

2 days ago

Let's assume I would like to secure passwords using a modern KDF such as Argon2. The flow of information would look like this: $hash,$salt = argon2id($password, $salt). Is there any advantage to first hash the password using SHA256/512, like so $hash,$sa ...

bodily harm done from hacking, help!

2 days ago

I'm going through a divorce. Husband hates me. I have been hacked since my husband and I parted. I'm telling you this as I am looking all over to find an answer. I have sustained an actual bodily injury virus from the computer hacking. I am jit kidding. ...

When pasting sensitive links or text on Google Chrome bar - does Google store my password?

2 days ago

When I paste some links or sensitive informations by mistake on the Google Chrome URL Bar, that might trigger a search on Google. Does Google store all of them, including that sensitive information?

When pasting sensitive links or text on Google Chrome bar - does Google store it?

2 days ago

When I paste some links or sensitive information by mistake on the Google Chrome URL Bar, that might trigger a search on Google. Does Google store all of them, including that sensitive information?

Identify SSL invalid handshake using wireshark

2 days ago

I am doing a research on "Network flow anomaly detection" and use wireshark for my work. I have a problem of identifying the packets with invalid ssl/tls handshakes. Is there a way/algorithm to detect these invalid ssl/tls shakes in wireshark? or any othe ...

Fuzzing of Mobile Applications

2 days ago

I have used AFL recently for fuzzing of OPENSSL and it worked great. Now I am interested in fuzzing mobile applications like I have got some apk and ipa files which I need to fuzz. I searched on the internet and found out about afl-android, ios-afl etc. Howev ...

how do i scan a WordPress website which blocks WPSCAN from scanning the website?

2 days ago

community! I am trying to scan a website which is made in WordPress ... I am trying to scan this website with WPSCAN in Kali Linux but here an error is happening ... whenever I start the scan WPSCAN runs for 2-3 min and gets Paused and after some time a ...

Techniques used by highly sophisticated entities to watch online activity

2 days ago

It is mentioned almost everywhere that very strong agencies, and governments are able to watch the online activity of the people. Aside from techniques like attacking computer networks, and installing spyware on them, like the toolkits the Hackingteam ...

Techniques used by highly sophisticated entities to snoop on VPN or SSH traffic?

2 days ago

It is mentioned almost everywhere that very strong agencies, and governments are able to watch the online activity of the people. Aside from techniques like attacking computer networks, and installing spyware on them, like the toolkits the Hackingteam ...

Does Auth0's free account have a limit on Auth0 Guardian Usage?

2 days ago

I am developing an application that uses Auth0 for authentication. I want to enable multi-factor authentication using the Guardian application. On the application page it says the following: Upgrade your subscription to our Developer Pro or Enterprise ...

Is a password manager better than an encrypted file for storing passwords?

2 days ago

For any passwords other than websites I log into regularly (such as Gmail, Facebook, etc.), I use apg to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted VeraCr ...

Why is breach-detection site "Have I Been Pwned" considered safe?

3 days ago

Whether it be due to technology the site is using, or any manual behind-the-scenes work with the data, why does this breach detection site seem to be unquestioningly safe? Wouldn't the data of you, as a user(breached/pwned or not), utilizing this tool be ...

How to track network file share accesses on workstations

3 days ago

I shared a folder created in my C drive with a colleague over the network and he was able to access it. Is there any log that will track this kind of activity? I am aware of Windows Security Event ID 5140: A network share object was accessed. Should this ...

Why is TLS1.2 wrapped in TLS1.3?

3 days ago

I was just curious about TLS1.3 which Cloudflare is one of the companies leading the implementation. I then visited blog.cloudflare.com and turned on my Wireshark. I am not 100% clear about all technical details of TLS1.3, but one of the new features that ...

How can a client verify that code sent from the server has not been tampered with?

3 days ago

While trying to understand the recent controversy involving Protonmail, I started to wonder if its possible to verify that the opensource JavaScript being sent from the server to the client hasn't been tampered with. If I understand correctly, you canno ...

From a technical perspective, how are popups like this generated on a smartphone? [migrated]

3 days ago

I'm a SysAdmin and dabble in code a bit, but I'm not a developer and certainly don't know frontend stuff like this. How are these oh-so-annoying and ubiquitous popups created exactly? HTML5? JavaScript? They are all over news sites and while eas ...

Does this attack on RSA keys reveals a major flaw, or this is no big deal with good entropy?

3 days ago

William Kuszmaul published a study of an attack for RSA public keys on his blog https://algorithmsoup.wordpress.com/2019/01/15/breaking-an-unbreakable-code-part-1-the-hack/ The basic idea is, when people use poor PRNG to generate RSA keys, detect common ...

When websites use SMS as part of a password reset scheme, why do they ask for the user's phone number?

3 days ago

I've noticed if you do a password reset on iCloud, for example, it prompts you for your phone number before sending the SMS. Since many people already know your phone number, or it may be listed publicly somewhere, why do websites do this? Is it just to ...

What security controls that needs to be evaluated for DB2 Mainframe, SQL Server, PostgreSQL, and Guardium application?

3 days ago

I am an Information Security analyst, evaluating the above mentioned applications and looking for high-risk items that require deeper testing. I would really appreciate guides, books, or anything that will help me with my testing.

Is it a common practice to give a user an unmodifiable password?

3 days ago

I created an online account on a website, they do not ask me for a password but just an email address, then, after acknowledging "terms of service" I was already logged-in. Then I received an email with a password (ten characters like automatically gener ...

I'm being remotely hacked & stalked by a man living about 1,750 miles away for the past 6 years

3 days ago

First off I know it is him, because he presented a text message I had written to a family member for them to read. When they asked if they could keep the printed copy, they were told no & an excuse why. I have security software on all my electronics. He h ...

How to view last run shell command via cmd.exe through a HKEY_CURRENT_USER.reg file?

3 days ago

I'm working on improving my security skills and a challenge I have is a .reg file which is HKEY_CURRENT_USER. I need to find what the last run command on the box was. Thanks, John

Using build time generated, self-signed certs for inter application authentication

3 days ago

I need to be able to authenticate requests between different applications I am responsible for. My company does have CA signed certs, but there are two problems with using it for this purpose. Currently, all applications share the same cert, but I do not ...

Isn't public key pinning unsafe?

3 days ago

Since we can use openssl x509 -force_pubkey to generate certificates with the target public key without owning the corresponding private key, isn't public key pinning fundamentally broken?

mod security rule to send email on every trigger

3 days ago

I made a script that reads the log file of the modsec 3 module in apache. It sends an email every 5 minutes with new triggers. I discovered that it is also possible to execute a script (e.g. send email) on a rule trigger (link). The following example is ...

How to identify the private key encryption algorithm using OpenSSL API?

3 days ago

I am creating a C++ application which involves loading in private key files (RSA/DSA/DH) into their respective class containers. Is there an OpenSSL function that can take a file as a parameter and determine which encryption algorithm the private key us ...

router/modem bridge mode security

3 days ago

At the moment I use a TP-Link modem/router. I am considering buying a firewall appliance. The problem is I have a really hard time finding a new modem to buy; most of the stores sell modem/routers and not modems. My question is: is it possible to use my TP-Link in a brid ...

openVAS: uninitialized constant OpenVASOMP::OMPConnection Error

3 days ago

I was searching in many forums regarding this issue like here and here, but they were mentioning using port 9390. As you can see, I am using the port, but I still get the same error. I am using openVAS in msfconsole as I am using Kali Linux distribution. ...

Match traffic which is not TLS using SNORT

3 days ago

I am having trouble creating a snort rule that will allow me to detect traffic which is not TLS. My goal is to detect and view the payload of the unencrypted traffic that is going to external destinations. Once I have this snort rule I will import on checkp ...

What does w.r.t. mean [on hold]

3 days ago

What does the abbreviation w.r.t. mean in the context of security and/or cryptology? It's being used in the crypto books combined with other terms like: anonymity w.r.t. third parties constant-round protocols w.r.t.

How secure is this schema for Online Licensing System?

3 days ago

I'm trying to think of a good way to make a licensing system without affecting the user's experience and at the same time make it as secure as possible. I know it's impossible to make it 100% secure, but I would like to make it harder. What I thought so far: Reg ...

Is the core idea behind CSRF protection that the hacker doesn't know the token value?

3 days ago

I'm trying to fully understand the concept behind CSRF, and more importantly, how to protect against it. Can I assume, using only CSRF, so no XSS or other techniques, a hacker cannot know the value of the random anti-CSRF token I insert into the page?