security.didici.cc
Detect PGP mails in encrypted ways
1 hour agoregarding to point 2 of this problems: http://secushare.org/PGP
Thanks to its easily detectable OpenPGP Message Format it is an easy exercise for any manufacturer of Deep Packet Inspection hardware to offer a detection capability for PGP-encrypted mes ...
Is it possible to detect OpenPGP mails in TLS encrypted connections?
1 hour agoRegarding to the second point of 15 reasons not to start using PGP: Thanks to its easily detectable OpenPGP Message Format it is an easy exercise for any manufacturer of Deep Packet Inspection hardware to offer a detection capability for PGP-encrypted ...
Find a list of website having the same vulnerabilty
3 hours agoI have found a vulnerability in a JavaScript file that I think more websites use. How do I found a list of websites that use the same JS script file. Can any one help, using Google Dork?
Key(session token) authentication vs default login/pass authentication
3 hours agoGood day, I am building web application and have an idea to build custom authentication system, which would be quick and secure. I do not want to use almost "default" login (email) / password combination. I want to generate for all the users random crypt ...
Usable client side file encryption on the web, can this be simplified / broken?
4 hours agoIntro: For a web based document sharing portal for high risk document (passport scans, financial documents) we want to make use of PGP signing and encryption. Since our clients consists of quite some elderly people, who are not all tech savvy, we would pr ...
Windows 7 privacy and anonymity
4 hours agoHow to improve Windows 7 privacy ? I need to make my windows to not log any data and do not send any logs to microsoft. How I shoud do it ? What I've already done Turn off telemetry Turn off updates I know it's better to use linux, but i can't do it r ...
Inject hash into sam file. Is possible?
5 hours agoI have a very uncommon scenario. I have a Windows 10 laptop with a specific configuration. On that configuration there is a user (local user, not domain user) which I don't know its password. I want to migrate that user to other Windows 10 computer trying ...
What does unknown prefix mean in gpg list key result?
5 hours agoI created a PGP key for myself. When I list it with gpg --list-keys, I saw a unknown mark in front of my account.
I replace some text with xxx
pub rsa2048 2017-05-25 [SC]
2ACF7CFFE569Axxxxx7CEF39D
C1E3599
uid [ unknown] Xi xxx
si ...
How to integrate Phishtank's phishing url list into Firefox?
7 hours agoThe phishing URL list by Phishtank seems to be regularly updated and well verified. How to integrate it as a phishing protection into Firefox? (for example as a provider for Ublock Origin?)
Service running on a closed port?
8 hours agoI just finished scanning a host and I found something unusual. My question is regarding port 50000 and 50002. Nmap shows that these ports are closed and also identifies the services running on them!How is that possible? Doesn't a closed port mean that the ...
need help with setting up an access point..!
8 hours agoso i have for the last 2 days going through this task of setting up a Rogue AP on my Kali linux running in my VM.... i am using the 64bit version and the wifi adapter is TP link TL WN722N, so my gateway in kali running in vmware is 192.168.244.2..(i got t ...
Creating a rogue AP with Kali Linux
8 hours agoso i have for the last 2 days going through this task of setting up a Rogue AP on my Kali linux running in my VM.... i am using the 64bit version and the wifi adapter is TP link TL WN722N, so my gateway in kali running in vmware is 192.168.244.2..(i got t ...
how to remove virus from pc which popup cmd window
8 hours agoi download a cracked software named free adobe illustrator full cracked by sadeem after install setup i found a cmd widow blinks 7-8 and disappear it occur after every 10 minutes and my antivirus says "windows command processor is blocked while attempting ...
How to remove a virus that pops up a command window
8 hours agoI download a cracked software. After install I found a cmd window blinks 7-8 times and then disappear. It happens every 10 minutes and my antivirus says "windows command processor is blocked while attempting to access protected application object". Also, ...
How to decode what is encrypted with zendguard! Trouble when upgrade PHP version and zendguard loader
9 hours ago1/ Description: When client request upgrade PHP but source code is encrypted with zendguard. How to cracked it or solve this solution 2/ Description: When we change port ssh default (port 22) Example: vi /etc/ssh/sshd_config (change port) iptables -I ...
My Advanced Encryption Standard source code is not working properly?
9 hours agothe code is only encrypting data of same length.please tell me the solution of this problem.[enter link description here][1]
Quick advice for encryption of existing files in a FAT32 usb drive
13 hours agoVerascrypt isn't able to do that and I don't have Bitlocker on my computer. What software, preferable freesource would you recommend to encrypt existing files in a FAT 32 USB drive?
NIDS sensors placement in the network of an organization
15 hours agoI am studying IDPs and I would like to know where network-based IDPS sensors can be placed in the segments of the network of the university organization. I am looking forward to analyse different scenarios of sensor placements and the benefits for each on ...
Does the value of security certifications for hiring/being hired decrease for more experienced positions?
16 hours agoIn an industry where there are a dizzying array of security certifications to be had, many of them are either entry-level certifications, or are based around a particular area of specialization (malware, pentest, etc...). While these are of value as a ' ...
If my phone for two factor authentication is stolen, can the attacker access my account via an email password reset?
16 hours agoSuppose I setup an online account with 2FA on my phone, and an attacker gains access to my phone. My phone is logged into my email account. The attacker knows my account username or find the username from my emails. Then he requests an email password rese ...
How vulnerable are devices on my home WiFi?
17 hours agoMy wife and I got into a discussion about the security of our home WiFi the other day, so I have come to this discussion board to see if I am wrong about how secure I/we feel. We have your normal home WiFi that is password protected, router config page i ...
Two factor authentication: Why ask for password first?
17 hours agoEvery website that I came across that uses two-factor authentication asks the user for their password first. Then, after a correct password was entered, an SMS or an e-mail is sent that contains another code you have to enter in order to actually get log ...
How to detect a compromised IoT device and subsequently investigate it?
17 hours agoGiven the number of connected devices in the average nerdly domicile, how would you detect a compromised IoT device, short of it behaving obnoxiously enough to impact the entire network? IoT devices often exhibit odd patterns of behavior, such as calling ...
How to convert https url into http url for facebook and gmail?
18 hours agoi have used ssl strip ,better cap for session hijacking it is working on some urls but i want to convert https into http. bettercap is working on outlook as per the security of Microsoft is less
Practically, when good password policies are used, how much is gained from SSH keys?
19 hours agoBackground: I am running my own servers for personal use, I have complete control over all passwords used and for the foreseeable future things will stay this way. I understand the arguments for why SSH keys are a stronger option, specifically that the e ...
What does a "-" mean in the Version field in Common Product Enumeration (CPE)?
20 hours agoI'm trying to understand the Common Product Enumeration standard published by Mitre. In the Version field, I've found references to "*" or ANY meaning "Any Version." However, when I search the CPE Dictionary, I find a dash in that field. Does that mea ...
What did that mean? Audit
21 hours agoI got this answer to my previous question http://security.stackexch
ange.com/questions/162502
/data-stolen-what-does-th
is-suspicious-audit-data-
mean
"BITS along with the TCP/IP network adapter detection and network data management protocol seem to indicate ...
I need to clarify an answer from another post about an Audit [migrated]
21 hours agoI got this answer to my previous question http://security.stackexch
ange.com/questions/162502
/data-stolen-what-does-th
is-suspicious-audit-data-
mean
"BITS along with the TCP/IP network adapter detection and network data management protocol seem to indicate ...
best books for pentesting
21 hours agodoes any body have any recommendations for the best books for learning pentesting Im trying to learn all I can about pentesting and hacking to be better at my job.
Which are best books for learning about pentesting? [on hold]
21 hours agoDoes anyone have any recommendations for suitable books for learning about pentesting. I'm trying to learn all I can about pentesting and hacking to be get better at my job.
I have the same TLS Handshake issue.
22 hours agoI have this issue in Firefox and IE 11 on my Windows 10 PC. I get to my homepage and can go no further. Whatever site I check it says it is performing a TLS handshake and never goes further.
Can I somehow require a specific certificate for a domain?
23 hours agoMy use-case is the following: I have dyndns set up to access my home server from the internet. If I use a DV certificate or a self-signed certificate I'm not actually authenticating the machine but only the domain. If my account runs out somebody can ea ...
what are the privacy advantages of DNScrypt?
1 day agoPrivacy experts recommend dnscrypt (for example r/privacy). The only advantage of dnscrypt I can see is that nobody can sniff my DNS traffic (I am using a VPN anyway) and man-in-the-middle attack (MITM) not possible. This is my config (Tomato router): ...
What are the privacy advantages of a DNS encryption service such as DNScrypt?
1 day agoPrivacy experts recommend dnscrypt (for example r/privacy). The only advantage of DNScrypt I can see is that it protects against an attacker sniffing my DNS traffic (I am using a VPN anyway) and man-in-the-middle attack (MITM) not possible. This is a scr ...
Snort on Single-Core and Ruleset
1 day agoI'm trying to use a device with 1GB of RAM and a Single 800 MHz core CPU. I will use Snort instance to analyze ALL traffic of my LAN network. Snort, unfortunately, cannot analyze all the traffic (sometimes it triggers an alert after a trigger, sometimes n ...
Snort on slow computer
1 day agoI'm trying to use a device with 1GB of RAM and a Single 800 MHz core CPU. I will use Snort to analyze traffic on my LAN network. Snort, unfortunately, cannot analyze all the traffic (sometimes it triggers an alert after a trigger, sometimes not). Is th ...
Can I run Snort on a slow computer?
1 day agoI'm trying to use a device with 1GB of RAM and a Single 800 MHz core CPU. I will use Snort to analyze traffic on my LAN network. Snort, unfortunately, cannot analyze all the traffic (sometimes it triggers an alert after a trigger, sometimes not). Is ther ...
What is the risk of a PDF "infected" with BC.Pdf.Exploit.CVE_2017_3
033?
1 day agoClamAV (detection version 20170623) detects BC.Pdf.Exploit.CVE_2017_3
033 in quite some PDF files. I wonder if this is not a false-positive because no other engines detect such "infection". The CVE regards:
Adobe Acrobat Reader versions 11.0.19 and ear ...
I'm using ssh key authorization even so my server hacked
1 day agoToday, I saw my server is heavily loaded. When I began digging I saw that someone logging with root login, despite root user haven't password, installed miner and run screen. SSH listening on other port. How it posible? Please advise! How can I fi ...
I'm using SSH with key based authentication and I believe my server has been hacked
1 day agoToday, I saw my server is heavily loaded. When I began digging I saw that someone logged in as root (despite root user not having a password), installed miner, and ran screen. SSH listening on other port. How is it possible? Please advise! How can I fin ...
Why do I need to add intermediate CA certificates to JVM's cacerts file?
1 day agoMy company uses its own PKI. The web browser which I use to access to code repository shows a certificate chain as follows: Company Root CA Company Issuing CA Intranet Server Certificate to the code repository that I want to access However, ...
What are the most common security threats that have to be considered when dealing with RDP?
1 day agoI'm dealing with a hypothetical infrastructure for enabling workers to use RDP for remote access to their work PCs. These would be virtualized Win7 machines within a VMWare vSphere environment. Workers would have to use a VPN client to connect to a VPN ga ...
Dual Code Signing: Should SHA-1 signature have a SHA-1 or SHA-2 timestamp?
1 day agoI am signing executables for our software both with a SHA-1 and a SHA-256 signature. In addition I timestamp both of these signatures. Here I am wondering: I can timestamp the SHA-1 signature with a SHA-256 timestamp, but does that make sense? I would t ...
How to verify my signed content is pkcs7 format
1 day agoi need to validate if my return string from below method is signed in pkcs7 format? how can I do it? I need to pass only content (which is to be signed) and cert by which I will sign. public static string Sign(string pan, X509Certificate2 cert) { ...
How to verify that signed content is in pkcs7 format?
1 day agoI need to validate if my the returned string (in the method below) is signed in pkcs7 format. How can I check this? I need to pass only content (which is to be signed) and cert by which I will sign. public static string Sign(string pan, X509Certificate2 ...
wanna cry attack
1 day agoA bitcoin transaction have details of the incoming address as well as the outgoing address(where the bitcoins are being transferred), so my question is why that outgoing address didn't do anything in tracking down the attackers?
tracking ransomware attackers via bitcoin transactions
1 day agoA bitcoin transaction has details of the incoming address as well as the outgoing address (where the bitcoins are being transferred), so my question is why that outgoing address has not done anything in tracking down ransomware attackers, like the wannacr ...
Why are ransomware attackers not tracked down via bitcoin transactions?
1 day agoA bitcoin transaction has details of the incoming address as well as the outgoing address (where the bitcoins are being transferred), so my question is why that outgoing address has not done anything in tracking down ransomware attackers, like the WannaCr ...
Concerns: Is Digital Advertising Alliance DAA purposefully incompetent & non compliant when it comes to Privacy & Security?
1 day agohttp://digitaladvertising
alliance.org/principles
http://optout.aboutads.in
fo - Their opt-out app that does not actually work at all
http://i.imgur.com/U
PKyWBb.png - JS Error Cant upload as Pic
Their implementation of something so simple that does not ...
how to get database administrative access in sqlinjection?
1 day agoi'm using Sqlmap tool , after successful injection on database , it return dba flag false. so how can anyone gain dba access to upload a shell?
JSON Web Encryption - Authenticated Encryption
1 day agoSo I read that JSON Web Encryption (JWE) uses only authenticated encryption. By that I understand, that the integrity of the payload is ensured by using something like AES-GCD. However, I also see that JWE supports RSA-OAEP. How is integrity ensured when ...
How do I find list of websites which has chat widget or a chatbot widget installed in there websites?
1 day agoI am trying to built a dork, that finds list of website that uses chatbot or chat widget for customer care(or for any purpose). I have no idea how I do that?
TPM ownership, what is the low level process?
1 day agoOk, starting with some ground concepts, just incase I'm mistaken: Ownership of the TPM simply means to have the owner password. Taking ownership means to clear the tpm and to initialize the owner password. 1) When taking ownership, is the owner passw ...
Is it possible to verify an account access event with a Facebook account?
1 day agoI received two e-mails (both authentic) from Facebook regarding "Someone may have accessed your account", indicating that my account was "hidden from public view" and would need to be verified. I completed this verification process (using the two-factor ...
How to encrypt sensitive user data and transport it between client and server securely?
1 day agoI'll try to be as brief as straight to the point as possible, i'm new to this so please bare with me! I might be committing a massive mistake and not even realised! Please HELP! [facepalm emoji] Application Requirements: The frontend must be a website ...
Is there a risk with making my Device ID public?
1 day agoWhen making a mobile app with ads, I am required to register my test phones as test devices by providing the Device ID. These Device IDs are unique to an individual phone. Is there any risk with publishing my app with the Device ID? Or should I remove ...
How do I know that mobile apps aren't stealing my login info?
1 day agoThis thought just occurred to me. If you're using an unofficial client to access a service (ex. BaconReader for reddit), how can you be certain that your login information isn't being stolen?
Suspicious site activity on www.computerworld.com
1 day agoJust after visiting www.computerworld.com/art
icle/2536806/networking/1
0-killer-texting-tricks.h
tml on chrome a window opened up¹. The window showed an odd behavior; it kept on switching site posts in the same window².
There were two things I noticed. F ...
decoder that decodes encrypted channels easily
1 day agoWhich HD decoder ,decodes mostly all encrypted channels with just Internet connection (without any cccam or line account in decoder box ) What model and name of decoder? Thanks for your support
Investigating the "Google detected unusual traffic from your computer network" issue [migrated]
1 day agoSo this happened to me the other day (when I searched something on Google): Not the first time. How do I go about investigating what kind of traffic is emanating from my Windows PC, and what apps are making these requests? (I suspect there's malware ...
Are there any development tools that help with both asset management and vulnerability management?
1 day agoI'm looking to improve how we manage information security within our development process. Are there any tools out there that integrate tracking of what third-party components are included within a product/release and then provide some kind of continued vu ...
GPG --fingerprint prints out completly different fingerprint
1 day agoWhen displaying the full fingerprint of a pgp key, it get a completly different one compared to the ID. For this special key: $ gpg --list-keys --fingerprint D72AF3448CC2B034 pub rsa4096 2017-02-09 [SC] [verfällt: 2027-02-07] F554 A368 7412 CFF ...
Please rate this SQL injection prevention strategy
1 day agoRecently a vendor representative told me that the reason a user couldn't log in to their site was that the password (which they check using an LDAP connection to our server) contained two consecutive dashes. I am sorry for not getting back sooner. It ...
What are some ways to locate other mobile phones within a building?
1 day agoI am currently working on a research project trying to locate people near a mobile device. Currently I have a mobile phone with monitor mode enabled and I am attempting to track other phones by looking at probe requests sent out by other phones and grabbi ...
Do we need to maintain Authentication and Authorization Logic separatly
1 day agoWe are using Keycloak Identity server which will take care of Authentication and Authorization for our new Multi Level Marketing Website. There was a discussion going on within our team to maintain Authorization concepts separately in our local database. ...
Do we need to maintain Authentication and Authorization Logic separately?
1 day agoWe are using Keycloak Identity server which will take care of Authentication and Authorization for our new Multi Level Marketing Website. There was a discussion going on within our team to maintain Authorization concepts separately in our local database. ...
The browser is performing TLS handshake. I cannot connect to the internet. How can I solve this?
1 day agoTLS blocks my access to the internet. Whyy? I am having a problem browsing the web. I am using mozilla firefox
Security Connection Failed when accessing web pages from the internet. I think the TLS handshake failed. How can I solve this? [on hold]
1 day agoTLS blocks my access to the internet. Whyy? I am having a problem browsing the web. I am using mozilla firefox.enter image description here
DMZ to LAN. SMB Print and File Sharing not working!! PLEASE HELP! [migrated]
2 days agoI have a Windows Server 2008 r2 machine on DMZ. We have a shared folder on there that one day a couple weeks ago was no longer able to be accessed. No changes occurred except for maybe windows updates. I am having an issue trying to map the shared driv ...
TLS Error messages for some websites using ie11 on Windows 10
2 days agoWe are in the process of moving from Windows 7 Java 7.75 to Windows 10 64 bit Java 8 121. The default browser is IE 11/ Edge. We are getting TLS error messages using IE11 for some HTTPS websites using windows 10 that we are not getting using Windows 7. T ...
Should I change change my OpenPGP subkey, or just extend its expiration date?
2 days agoWhat is the common practice when a subkey reaches its expiration date? Generate a new subkey Pros Increases security if the subkey has been stolen (without noticing) since Malory cannot use the old one anymore for future attacks Cons I cannot decrypt ...
Should I change my OpenPGP subkey, or just extend its expiration date?
2 days agoWhat is the common practice when a subkey reaches its expiration date? Generate a new subkey Pros Increases security if the subkey has been stolen (without noticing) since Malory cannot use the old one anymore for future attacks Cons I cannot decrypt ...
What are the security implications of storing multiple hashes for similar passwords?
2 days agoI've seen it mentioned a number of times here that an approach to preventing forced password changes from being changed to trivially similar passwords (eg, mysecurepassword1 gets changed to mysecurepassword2 and so on) is to hash multiple variations that ...
How to set a SoC with a few security professionals
2 days agoI work for a small firm beginning to explore having a SOC 2 (Security, Availability, Confidentiality) audit performed. The auditor we're working with believes we will need to have penetration testing performed annually to satisfy some of the trust service ...
Does an Embedded Content Security Policy (CSP) Enforcement ruin a "regular" CSP?
2 days agoI recently read a W3C Working Draft about the Embedded Enforcement of a Content Security Policy (CSP). This document defines a mechanism by which a web page can embed a nested browsing context if and only if it agrees to enforce a particular set of re ...
Securing communications between PoS terminals and sTunnel server
2 days agoAm I correct in thinking that a PoS Terminal only needs my public key installed on the device to connect to my sTunnel server (with Private key) and that communications between client and server will be secure?
Is accepting the current and the previous one-time password a bad practice?
2 days agoI often see two-factor authentication (2FA) methods using one-time passwords (OTP) implementations wherein the current (previous) and sometimes even 2 or 3 previous tokens are still valid. This is probably done for several reasons, I can think of: to ove ...
SSL / TLS Ciphersuites
2 days agoThere's a large list of ciphersuites inside SSL / TLS. It seems like that these ciphersuites can be categorized in terms of their underlying mechanism with following categories:
RSA Key Exchange (e.g. TLS-RSA-WITH-AES-128-CBC-
SHA256)
RSA with Ephermal Di ...
Wire vs Threema
2 days agoIs the Wire messaging app secure? is the only question I find on Wire here. I am helping a group (non-technical, non-business) to decide on whether to use Wire or Threema for event coordination/general chat. They have picked those two candidates because ...
ADO.NET bulk download of data from SQL database
2 days agoFrom what I've read, if I want to take a large DataSet and write it to a SQL database, SqlBulkCopy is the fastest method. Is there an equivalent method for going in the opposite direction? For example, if I want to populate a DataTable or DataSet in C ...
How to mitigate evil twin WIFI social engineering attack?
2 days agoI just come across this article: Capturing WPA Passwords by Targeting Users with a Fluxion Attack. Although WIFI Evil Twin attack and WIFI deauthentication attacks is known for a long time, a mature ease of use WIFI toolkit such as Luxion will escalate t ...
Oauth auth code flow: generating the "state" value
2 days agoI'm working on client implementing the "auth code" OAuth2 flow. I'm trying to find the best way to generate (and check back) the "state" parameter to prevent CSRF attacks to the login flow. I cannot store the state value server-side and attach it to a use ...
Trouble understanding the explanation of "server certificate" message in RFC 5246?
2 days ago7.4.2. Server Certificate `` When this message will be sent: The server MUST send a Certificate message whenever the agreed- upon key exchange method uses certificates for authentication (this includes all key exchange methods defined in this do ...
Interpreting a pcap file
2 days agoThis is a ctf game: Enigma 2017 practice at hackcenter.com. I do not want complete solution, just some ideas, how to approach it, what to read. ArpArpArp says: "Find the secret message the arp-spoofers are trying to block. Wireshark and Scapy are both app ...
Can recovery of decrypted text possible with memory dump with root privilege in Linux?
2 days agoSuppose Alice and Bob are communicating using secure channel and both use symmetric key algo (AES) for encryption/decryption. The scenario is like 1. Alice encrypt data M1 with secret key K and sends cipher text C1 to Bob. 2. Bob receives cipher text C1 ...
GETRANDOM syscall's relation to kernel entropy pool state
2 days agoI get that when GETRANDOM is called with bitmask 00, the entropy source is from /dev/urandom, and the CSPRNG output is blocking until internal entropy pool has at least 128 bits of entropy. Is the state of the pool readable at /proc/sys/kernel/random/e
ntr ...
Is it possible to manipulate a buffer overflow to get ESP pointing to my shellcode?
2 days agoOne tactic to evade ASLR, as we all know, is to redirect execution to a "jmp esp" instruction, which then jumps to our shellcode for execution. However, this tactic relies on ESP pointing to your shellcode; which is something that doesn't always happen wh ...
Finding Ip Adress's
2 days agoIs it illegal to find someone's ip address without them knowing? For example telling them to test a website for you but the website actually tracks there ip and you don't tell them that you tracked there ip
Finding IP addresses
2 days agoIs it illegal to find someone's IP address without them knowing? For example, telling them to test a website for you but the website actually tracks their IP and doesn't tell them that you tracked their IP.
Info Sec or Cloud/virtualization?
2 days agoJust wanted to get some advise from seasoned professionals - I am in my second semester of school in the IT program and have to choose a path - information security or cloud/virtualization - I am interested in both but was wondering if anyone had any advi ...
Data stolen? What does this suspicious audit data mean?
2 days agoMy laptop was left at someone else's house and I know they tried to enter the laptop because of the audit logs below, what I don't know and asking is what did they do on my laptop, did they hack it or steal any data? The suspicious audit logs Event view ...
Would using a dual layer of hashes for user accounts introduce security issues?
2 days agoI thought of a way to use 2 hashes over 2 servers so that if the login data was ever stolen it would only be valid for a short period however I'm no expert and wondered if you could spot a flaw in the concept? Suppose the standard hash and salt is stored ...
Is your phone hackable by someone who has your phone number?
2 days agoIf someone on those instant messaging apps for meeting people ask for your number to add you on whatsapp, etc it could be use to hack your phone ? Or to hack your computer if you are using desktop version of the app? I will appreciate your answers
Single-Server stress testing
2 days agoLet's say I own a 10GBPS server, and my target owns a server with a 1GBPS port. Assuming I don't just get ipblocked, I could choke up the bandwidth for 1GBPS severs. Is this true? I won't need any kind of botnet, or mesh of computers.
Can one single 10 GBPS server DOS a 1 GBPS server?
2 days agoLet's say I own a 10 GBPS server, and my target owns a server with a 1 GBPS port. Assuming I don't just get ipblocked, I could choke up the bandwidth for 1 GBPS severs. I won't need any kind of botnet, or mesh of computers. Is this true?
Public-key cryptography- determine if the requester valid?
2 days agoI believe I understand how key exchanges like Diffie-Hellman and RSA are meant to work. If Server1 needs to talk with Server2 it can use diffie-hellman to generate a shared secret between them and talk in private, but how does Server2 know that Server1 sh ...
Would it be possible to store Kerberos tickets on a YubiKey?
2 days agoKerberos supports different ways (ccache types) of storing tickets, such as:
FILE
MEMORY
KEYRING
I was wondering whether it would technically be possible to also store the Ticket-granting-ticket and service ticket in a YubiKey. These tickets could then b ...
How does Cisco detect malware in ecrypted traffics?
2 days agoFollowing this article, how can malware be detected in encrypted traffic? What approaches and algorithms can be used for this purposes? What types of malware can be detected?
How to identify this encryption?
2 days agoI know the key for this encryption, but I have no idea how it was generated. The more content there is, the longer it gets.
QklFMQI15qJgja5xmb
gHlqTjX/Z0odwyevrQpOI483g
G354ILllLltmPwb7CT4fIZcq9
5YMNGXyaYrp54Pjkl0jqWUD4z
ssxQHyAXmjTAtlM3NP0pd4xvo
bqvu3v9XaO7A ...
How wireless routers are turned into a FlyTrap?
2 days agoWith reference to WikiLeaks new revelations on CIA firmware CherryBlossom that has been infecting Wi-Fi routers for years. How does an attacker manage to inject an unsigned firmware without being connected to the wifi? It is feasible for an attacker if ...