security.didici.cc

what are the disadvantages of running SSH daemon without root?

36 minutes ago

Is there any risk in running ssh daemon with no root privilege using this method: how-can-i-make-this-daemo
n-init-run-as-a-non-root-
user? Debian Developer's Best Practices for OS Security says the same thing: • Starts the daemon dropping privileges ...

How to search CMD for a specific string?

2 hours ago

I’m developing an algorithm and I need to be able to search cmd for specific strings. Does anyone know if there’s a command for this?

In TLS 1.3 handshake, can an internal error at the client be interpreted as a decrypt error at the server?

5 hours ago

In TLS 1.3 handshake protocol, the client sends the ClientHello message to the server. The server then sends back the ServerHello message followed by some encrypted messages. The client then computes keys and sends some other encrypted messages to the ser ...

Can someone crack this hash?

6 hours ago

Everytime I try to use john it says "No password hashes found" $RAR3$*1*ed6b
a434f61a174b*2b0c4cad*208
*151*1*c46bbc31c4abed5f15
91072c3a1492e5a71e2fcacb0
fa1bf848ac9e7bc648a74ee8d
9a77eb843ceafdcbe5b57db72
a4968924ad485d365ea667b57
44fab3d33cabd2c6ea74266e3
4466 ...

"The requested URL "[no URL]", is invalid." does this mean possible subdomain takeover

10 hours ago

I was testing a site on hackerone (lets call it example.com for security), and found the subdomain image.email.example.com
I noticed it showed this error message: "The requested URL "[no URL]", is invalid." and was hosted on AkamaiGHost. Does this error ...

Sim card info from contaminated phone

11 hours ago

I read your answers to the person with the infected phone and his desire to use his SIM card in a diff phone and your answer made me more comfortable in using my old SIM card, but, my question is, if I use my old SIM card to transfer contact info to my ne ...

Installing two firewalls in the same network

11 hours ago

I have a D-link DFL2500 Firewall and Pfsense installed in a PC , i want to install this two firewalls in same network (university network) , what is the best topology could i make ??

how to prove that I'm not sending text to a person

12 hours ago

I have a person saying that I am sending text messages to them and I'm not. How do I prove this?

how to prove that I'm not sending Threatening text to a person [on hold]

12 hours ago

I have a person saying that I am sending threatening text messages to them and I'm not. How do I prove this? They currently have a Order of Protection against me and I can't live at my house. How can I show that I am not sending them. I have ordered by ...

Change injection payload in SQLmap

13 hours ago

I know you can change parameters and all, but can you change the payload that you’re sending? Like if I wanted to send a payload that would put a txt in someone’s database, is that possible? I’m new to SQLi and have a lot to learn.

do SRV records make a system more vulnerable or expose too much

14 hours ago

We are all pretty comfortable with the fact that if ports 80 and 443 are open that these are for http even though some companies block 22 forcing people to repurpose 443 for ssh. So, those instances notwithstanding, does describing public services with SR ...

Where does authenticity fit into the CIA Triad?

15 hours ago

Consider a chat application where an attacker is able to send messages in any user's name. This obviously violates the message's authenticity. But what aspect of CIA would be violated? Integrity seems closest to me but that usually means that data must n ...

What will the effect of the GDPR be on password dumps?

16 hours ago

The GDPR changes a lot of data protection law, but how will it affect dumped databases of passwords? At the moment these can be used to work out the most common passwords, and sites can use this knowledge to prevent people choosing overly common password ...

CSP 'require-sri-for
9; warning

16 hours ago

In my Content Security Policy I have the following: require-sri-f
or script However, in the Chrome console I get a notice (not an error, just info): The Content-Security-Policy directive 'require-sri-for
9; is implemented behind a flag which is currently ...

What is the best way to provide security between two different networks in different locations?

18 hours ago

My question is how we can protect the network traffic between two different networks with a software solution not with the hardware solutions. The solution can be point to point package encryption or creating a tunnel like vpn. I need to figure out which ...

different between fips 196 and SSL for Authentication

20 hours ago

I want to know different between FIPS 196(public key for authentication) and ssl for Authentication. If we told FIPS 196, which is the core of most authentication protocols in use (e.g. SSL)is it ok? And we us know if use SSL for Authentication between cl ...

How to allow outgoing mails to certain domains only and block others

1 day ago

On shared hosting and mail servers is there any facility that for particular email account I can allow outgoing email to only certain domain say [email protected] and all the other domains must be blocked. If anyone tried sending mail to other domain it mus ...

How to use application's client certificate with Charles?

1 day ago

Trying to investigate private APIs on apps installed on my Android, I've noticed most modern apps use custom client certificate meaning with the trusted root certificate installed on the Android, Charles still cannot monitor the traffic because the server ...

OWASP v8 SQL Injection (advanced) Exercise

1 day ago

I have tried multiple permutations of SQL injections to bypass authentication for this WebGoat lesson. In one tab I can register an account, which I've tried but it does not let me log into the account. Has anybody encountered this lesson before? I'm unsu ...

OWASP WebGoat v8 SQL Injection (advanced) Exercise

1 day ago

I have tried multiple permutations of SQL injections to bypass authentication for this WebGoat lesson. In one tab I can register an account, which I've tried but it does not let me log into the account. Has anybody encountered this lesson before? I'm unsu ...

Problem with web

1 day ago

I have tried some doxing in leisure times but the fact is whenever this takes place sometimes the reverse lookup engines fetch broken links whats the case ? Also can bots be powerful to fetch a real thing if you program them to do extensive lookup if any ...

It it possible to host pre-signed html content so I don't need ever to upload my private key to a server?

1 day ago

The question is simple. My private key should only be necessary to resign something if it changes. If I have a static html website, can I use my private key (signed by a CA) to sign all thes html files, send everything except ny private key to the server, ...

Is there a way to tell, when looking at a packet, that an aircrack -ng attack happend?

1 day ago

I'm trying to understand how find these attacks when using a packet sniffer (specifically using Omnipeek). Is there a way to look at a packet and know that this type attack happened? I am suppose to find various aircrack -ng attacks.

Is there a way to tell, when looking at a packet, that an aircrack-ng attack happened?

1 day ago

I'm trying to understand how to find these attacks when using a packet sniffer (specifically using Omnipeek). Is there a way to look at a packet and know that this type attack happened? I want to find various aircrack-ng attacks.

Zed Attack Proxy: enumerating dynamic contents and associated parameters

1 day ago

After the initial information gathering phase, it is possible in ZAP to export or list any dynamic content and the respective parameters in a structured way, i.e., excluding the any static content (images, html pages, etc.)? If not for ZAP, do you know of ...

Suspicious Autofill on Chrome

1 day ago

I was looking at signing up for an online account at a reputable web site (Vanguard) when I noticed something suspicious. When the site prompted me with a form to enter my name, I noticed--as usual--multiple variations of my name with previous addresses ...

TLS/SSL cipher suites

1 day ago

I'm confused about cipher suites with regards to TLS/SSL. For example, I see names like RSA AES 256 CBC and RSA AES 256 GCM. I understand that RSA and AES are algorithms used for encoding and decoding information, involving some sort of secret value to d ...

I just got sent to a fake windows tech support website

1 day ago

And it spam downloaded a bunch of random files. I'm a little worried now, but I know that the people who make these websites are usually very unintelligent. However, can I have some reassurance or a way to prevent the files from causing any harm if they a ...

How can I configure e-mail alert in ArcSight?

1 day ago

ArcSight (event manager) has a functionaly to send emails to certain address when an event happens. How can I configure that? And where should I put the email destination?

Susceptibility of 7z encrypted archive files to man in the middle attacks

1 day ago

Given: A file (assume 1 GB in size) is encrypted along with filenames using 7zip into a 7z archive using AES-256 The file is uploaded to a cloud storage service such as those offered by Google, Amazon, or Microsoft The file is downloaded by a peer on a s ...

best certification testing

1 day ago

what is the best way to prepare for the performance based questions in the security+ exam. what is good software to work with beforehand in order to best prepare?

Will I be 100% secure (anonymous) when using the "regular" web through TOR?

1 day ago

If I use TOR to access "regular" internet sites, like YELP, Amazon, and others to leave reviews, will I be I 100% anonymous? (Without changing my IP and MAC addresses?) Thanks! I am not very tech savvy.

I need to download and open a file but how to check if it's safe before?

1 day ago

Someone answered to my announcement (I'm trying to sell a book online) by asking for my IBAN, my identity card and phone number and he sent a 39 kb file attachement which is meant to be his identity card. A strange picture appears over the attachment. I d ...

I need to download and open an email attachment but how to check if it's safe before?

1 day ago

Someone sent a 39 kb file email attachment. A strange picture appears over the attachment. I didn't open it. I would need to check the file but I'm afraid it's a scam. I was planning to log into my email account from a Linux live distro (like LPS, delive ...

Hide algorithm and variables

1 day ago

I have some variables in my algorithm that I would not want others to see. Party A would write an algorithm which will use my variables. But party's A algorithm should remain hidden i.e. I should not see it. I run A's algorithm which uses my variables ...

Can an attacker add malicious instructions to a cracked Password Manager app to exfiltrate credentials ? (1Password, oneSafe, etc.)

1 day ago

(In OSX) Would it be possible for an attacker to add into a password manager app (cracked illegal version, downloaded from a pirate website), instructions to make the program send credentials over the network? 1) When a cracker crack an app (OSX context) ...

How long should a JWT be valid in a PCI-DSS compliant service?

1 day ago

Is there any maximum value enforced or recommended by PCI-DSS for the expiration of the access and refresh JWT? If not enforced, what is an appropriate value to avoid problems during audits?

May have breached hipaa by accident

1 day ago

Im new as a software dev and i was assigned to implement some changes to an application. When i asked my colleague i was told it didn't exist a test version and said it had to be uploaded to the real application. Hearing this i was eager to see the change ...

How to securely send a password from one app to another app?

1 day ago

See this question/answer first: When calling a process from another process, Is sending stdin password more secure than sending an ENV variable? I am a Java developer that is building an app where it needs to call a C# process from within. In my situati ...

Are we doing something horribly wrong security-wise? Is there a better way to handle passwords?

1 day ago

Keeping things vague - I work at a company that handles compliance issues for our clients. Very often, this means we need to log onto their various accounts for various entities. We store their username and password, both to make it easier for them to rem ...

Producing secure hashes to detect data manipulation

1 day ago

I have an Android app that internally relies on a SQLite database that stores encrypted user data. The data is encrypted using AES-256, with a key generated by the PBKDF2-HMACSHA256 algorithm. The application has the need to detect manipulation of the dat ...

How to make a succesful mimicry attack when normal clusters are very small?

1 day ago

Anomaly detection IDS, sometimes, are designed to prevent mimicry attacks. After the algorithm has done the clustering, there might be few and small clusters. The attacker will have problems on generating malicious samples that can be clustered as normal ...

ensuring integrity of a sequence of jpeg files

1 day ago

how do I ensure that a sequence of files is very hard to alter either content or remove whole files. I'm thinking some kind of rolling checksum that also relies on the sum total of checksums already calculated that day. but that would allow a recalculat ...

What asset details are the most relevant in a cyber security risk assessment procedure?

1 day ago

I am identifying organisation assets for a cyber security risk assessment. I am looking for guides or industry best practices for what asset details are actually useful for the risk assessment procedure. We can easily get a lot of information on hardwar ...

How do I check gpg signature given only the fingerprint and key ID?

1 day ago

I am trying to check the integrity of my gmp-6.1.2.tar.lz download (see here). I am on CentOS 6.6 using gpg (GnuPG) 2.0.14. The GMP website only lists Key ID: 0x28C67298 Key type: 2560 bit RSA Fingerprint: 343C 2FF0 FBEE 5EC2 EDBE F399 F359 9FF8 2 ...

How to store data on server without an ability to read it?

1 day ago

Let's say, we develop a social network website, which allows to send personal messages between users. We don't want anyone (even us) to read these messages, except for message sender and receiver. Is it possible?

Email in database security vs performance

1 day ago

I have to secure a B2B web application data in a MySQL database, currently the user register his data are like that : Last name (Plain text) First name (Plain text) Email (Plain text and indexed) Password (Hashed with CRYPT_BLOWFISH method) As user log ...

What is the proper algorithm for API key & secret generation?

1 day ago

Got a requirement to provide access to a system (using Java) via API key & secret, currently the system use JWT token as authentication mechanism. Wondering the requirement & tricks to generate the key & secret. After searching on Google for a while, he ...

Need advices on API key & secret generation?

1 day ago

While working on a java project using Java, Spring-boot, Spring-security and JWT token, need to provide access via API key & secret. After searching on Google for a while about key/secret generation, here is what I found: For key generation. Seems a cry ...

SAML nameID impersonation

1 day ago

We are using the nameId from the SAML response (in email format) to identify and authorize the incoming user on our system. Could a different authenticated user not alter the SAML response from their redirection to have a different known nameId. Authorizi ...

What are the advantages of using WS-Security?

2 days ago

I am going to start a new project where I will expose a SOAP Web Service to our external partners. The main objective is to ensure the security of exchanged messages from end-to-end. Our main security requirements: Authentica
tion Integrity Anti Replay A ...

Kali Linux OS installation failing

2 days ago

I have just downloaded a iso file of kali 32-bit. I made a usb bootable kali linux installation drive with usb universal installer. Its getting detected properly and proceeds with installation. But the problem arises in the step after detect and mount CD, ...

Password managers and master passwords

2 days ago

I've just discovered the open source project MasterPassword: https://
github.com/Lyndir/MasterP
assword I like the idea behind this project. Based on the following question and answers, I feel like this would improve security, because there is absolutely ...

Is MasterPasswords password generation method good?

2 days ago

I've just discovered the open source project MasterPassword. It generates a password per site based on name, master password, site and counter. So you need to know your name and the master password to get access. I like the idea behind this project. Base ...

When calling a process from another process, Is sending stdin password more secure than sending an ENV variable?

2 days ago

I am a Java developer that is building an app where it needs to call a C# process from within. In my situation, the Java app is calling this C# program https://github.com/nddipi
azza/SharepointOnlineCook
ieFetcher. This C# program requires a password. It a ...

Preventing Crypto mining attack on system/server

2 days ago

Recently I have seen Cryptocurrency mining algorithm attack is becoming more common over the internet. Most of server/system getting compromised and using compute(CPU Processing) for processing mining data. Most of people don't even aware their system/ser ...

Store Auth-Token in Cookie or Header?

2 days ago

I do understand that a header is the "cleaner" solution to transport an auth-token from a trusted system to another in a REST call. But when you are in client-side javaScript code, the world looks different to me. Cookies can be marked as "http-only" an ...

Why doesn't sharing match the advanced sharing permissions when sharing a folder?

2 days ago

I've been playing around with windows sharing but it seems that doing a "basic" share folder is not enough to access the folders from other pc's. I'll have to configure an advanced sharing for other users to be able to access the folder. And even when ...

I can't start Kali Linux after apt-get upgrade

2 days ago

I just installed kali linux on my mac (virtualBox). After the installation was successful, I started my Kali Linux machine I ran apt-get update but then I ran apt-get upgrade then it took a really long time then the system aborted I tried to start i ...

Mounting FTP Windows

2 days ago

Target is running Acritum Femitter Server, with anon access to FTP I'm able to traverse to any directory, but I'm unable to download/view the file contents. I've tried to mount the main target directory with curlftpfs (to no avail); I have managed to mou ...

Do I need to hash or encrypt API keys before storing them in a database?

2 days ago

I'm securing API calls to a REST service I'm building using API Keys. The plan is to: When we get a new client, generate an API Key (a UUID). Email the API Key to them. They send the API Key on every call to our service (over HTTPS). We will lookup the A ...

Is Use Of Firewalls Necessary When Using Load Balancers

2 days ago

Is using a dedicated firewall hardware necessary for protecting web servers if a load balancer is used? I read that modern load balancers have all the must-have features of a firewall. Is this true? Are they going to protect against DoS attacks?

Add account to android device seems less secure than allowing access for a single app

2 days ago

I just removed and re-added my google account to my android phone. I was surprised that in order to add the account, I had to supply my normal password, and a TOTP from google authenticator. It was not an option to use an app-specific password. Since goog ...

Is debit (credit) card payment inherently broken from security point of view?

2 days ago

TL;DR I've been a user of debit cards for many years, and don't know much about the security issues. However, just thinking logically, I find the practice of paying by providing card data (i.e. card number, validity date, CVV code, card holder name) inhe ...

Can an attacker force a browser to use quirks mode to render a page?

2 days ago

During a pentest, I've found a potential vulnerability on a web page, but it can only be exploited in quirks mode. The page starts with , which triggers standards mode so at first glance, it isn't be exploitable. Are there some techniques an attacker co ...

Snort Exercises

2 days ago

I am begibibg to study Snort rules and the teacher give to us the next exercises: A server on which Snort is installed is monitoring all traffic on subnet 172.16.0.0 with mask 255.255.0.0. From now on we are going to refer to this subnet as subnet_A. The ...

Who will notice a data breach more likely, me or an online password manager?

2 days ago

Assuming somebody has managed to get your encrypted password database. If the encryption and the password are strong I assume it will be almost impossible to crack the encryption in lifetime, but anyway what could be the worst thing happening in such a si ...

FileZilla and private key with passphrase

2 days ago

I know filezilla can work with pageant for private keys protected with a passphrase, however can you use fileszilla with a private key that is protected with a passphrase without using pageant? I am talking about Filezilla 3.26.2 Many thanks.

XenApi 1.4.1 SQL Injection

2 days ago

who can tell exactly how to get the list of databases / make a copy of it? Im just trying to hack my own XenForo forum, i will update soon, but i want to figure out how to do that. All im figured out, is output when im injecting next hello.com/api.php?a
c ...

Application agent for sending applications log

2 days ago

I have a application that make logs on server. I need application that sends those logs to the log server

Is this what a brute force SSH attack looks like?

2 days ago

I reviewed the auth.log file on my Ubuntu server to find: [preauth] Feb 22 17:39:18 code-storage sshd[17271]: Disconnected from 147.135.192.203 port 49408 [preauth] Feb 22 17:40:15 code-storage sshd[17273]: Invalid user ellen from 147.135.192.203 Feb 22 ...

Mongodb $where injection

2 days ago

'$where': "this.CompanyName == How can i leverage this to trigger a reverse shell? I can execute commands through a search box but have failed to successfully get the payload to execute even though everything is escaped properly; the exploit is https:/ ...

Query regarding Google Account

2 days ago

I am using some random site in MS EDGE. There are not account associate neither with site nor browser. Now, 1) What will happen if I login in Google Account and keep it logged in. Will it collect my browsing history and cookies? 2) What will happen if I ...

Google Account collecting browser history and cookies?

2 days ago

I am using some random site in Microsoft Edge. There are no account associate neither with the site nor the browser. Now, What will happen if I login in Google Account and keep it logged in. Will it collect my browsing history and cookies? What will happ ...

Decoding requests from potentially malicious Android app

2 days ago

I have recently been doing some security evaluation work on our Android applications, by proxying all the communication through Burp Suite. I noticed one of our devices was sending requests to a domain I did not recognise, one that is registered in China ...

Passing query string into a stripe API

2 days ago

How secure is it to pass in to a Stripe website (external, not our own site) some data to prefill a form through the query string? It's an external site so we can't just pass it in encrypted like we would with our own sites data. I would assume it wouldn ...

Company wifi on different network - is my IT dept lying!

2 days ago

My company has recently changed its WiFi. It’s now External to my company’s network and is managed and provided by Virgin Media. You don’t actually have to work for the company to be able to use it, you just have to know the password. If I connect ...

My company wifi has been outsourced. Can they still monitor my traffic?

2 days ago

My company has recently changed its WiFi. It’s now external to my company’s network and is managed and provided by Virgin Media. You don’t actually have to work for the company to be able to use it, you just have to know the password. If I connect ...

Wiping a server with sensitive data

2 days ago

We have servers which we want to wipe and sell due to an environmentally friendly scheme, recycling, reducing carbon footprint etc. The servers have a raid configuration. After doing some research, I am thinking of doing the following: Use a Linux Live ...

Running a Public server securely - Design topology, steps and precautions

2 days ago

Just curious about how a perfectly designed server setup would look like? Can somebody share their rich experience one the following Design of network elements -- Loadbalancer/Firewall/SAS
/Server. Precautions about restrictions in collision domain. C ...

TCG OPAL 2.0 Specification on technical Implementation?

2 days ago

Where can one find more technical information on the TCG OPAL 2.0 standard regarding how exactly the crypto has to been implemented in self encrypting drives? I couldn't find OPAL 2.0 implementation technical papers on: https://trustedcomput
inggroup.org/ ...

Testing an untrusted browser extension securely on macOS

2 days ago

I have received a .zip file containg a browser extension for Google Chrome. How can I test this safely? Current options I consider: 1) Using a VM. Installing VirtualBox on my macos, and then running it from there. Disadvantages is: slow & clunky 2) Cre ...

IV and salt key found in shared preferences of mobile application

2 days ago

What can i do with these vectors? Is it a finding if i found in shared preferences file of a android mobile application

NSFW Website loaded on home network then open at work

2 days ago

I use my personal laptop at work. Yesterday evening I had a NSFW website open and didnt close the tab in Chrome. At work, I connected to my works network and then immediately closed the tab without reloading or clicking any links on the page. Will my work ...

how to find out a xml request in an application

2 days ago

how to find out a XML request in a given application without capturing it through Burp

I lost my IPhone

2 days ago

I recently lost my iphone 5. I had turned it off and put it away but when i went to get it, it was missing. I tried using Find My IPhone but it wouldn't work even though it says i'm signed into ICloud. Is this because it's off and how else can i track it?

What is wrong about the following configuration to stay anonymous?

2 days ago

MyPC > RDP > Windows VPS > Tor > Socks5 > Internet or MyPC with Tor sandboxed > socks5 > Internet. Which is better? Any better idea that doesn’t compromise on network speed?

Which of these configurations is better to stay anonymous on the internet?

2 days ago

MyPC > RDP > Windows VPS > Tor > Socks5 > Internet or MyPC with Tor sandboxed > socks5 > Internet. Which is better? Any better idea that doesn’t compromise on network speed?

Dovecot in auth.log suspicious entry analysis

2 days ago

I am wondering is this entry in auth.log something that I should be concerned about Feb 22 12:18:25 host1 auth: pam_unix(dovecot:auth): check pass; user unknown Feb 22 12:18:25 host1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 eu ...

What is the pitfall to connecting with Tor on a public wifi hotspot?

2 days ago

I often use public wifi hotspots to connect to the Internet. Is my data encrypted right before it leaves my system and so protected from network observers/snooping if I use tor?

What is DNS_NXDomain?

2 days ago

I am monitoring DNS traffic from subscribers and I noticed DNS_NXDomain as part of the DNS response. I did some googling and it points to DNS attacks.

How does a NG Firewall do application visibility and classification

3 days ago

How Does Application Visibility and Control Work? The application identification (App ID) classification engine and application signature pattern-matching engine operate at Layer 7 and inspect the actual content of the payload for identifying a ...

How does a NG Firewall do application visibility and classification of TLS traffic without TLS interception and how reliable is this

3 days ago

How Does Application Visibility and Control Work? The application identification (App ID) classification engine and application signature pattern-matching engine operate at Layer 7 and inspect the actual content of the payload for identifying a ...

Verify Source code c#

3 days ago

I have a desktop application build on .net framework. If I obfuscate the code even if somebody reverse-engineers the code and tries to call my API using the altered source. can I know the API calls are not from the original source code? If, I build my app ...

How can I verify that network calls to my API come only from my C# program?

3 days ago

I have a desktop application build on the .Net framework. If I obfuscate the code, even if somebody reverse-engineers the code and tries to call my API using the altered source, can I know if the API calls are not from the original source code? If I bui ...

How do I prevent XSS in direct access to AJAX/JSON APIs?

3 days ago

In my rich client, I escape user-provided data before rendering to prevent XSS. The data comes from the server unescaped. That is necessary for data manipulation, e.g. allowing equality in "O'Donnell"
;==="O'Donnell&
quot; and avoiding situations where I mista ...

Identify private key or public certificate in DER encoded format

3 days ago

I've used the Windows certificate manager to export my public certificate used for S/MIME encryption. I'm not very familiar with Windows, nor the DER format and want to verify if the process really only exported the public certificate. The exported file ...

How httpoxy works

3 days ago

I have been doing a task on detecting if httpoxy exists on a web server. I did not have any idea about it initially. After reading from a couple of sites, I understood how it works but I'm still unclear at certain places. My understanding: The HTTP heade ...

Prevent Chrome Extension UNINSTALLATION on kiosk machine

3 days ago

My company has Chrome with our custom extension running on windows machines. Our goal is to launch chrome locally on our machines with our extension running at all times. Our users are constantly looking to uninstall our extension. Our current approac ...

Bank asking for password for encrypted document

3 days ago

My bank has advised that they are sending me a letter by email. The letter within the email will be encrypted. Rather than giving me a password for the letter, the bank asked me over the phone to provide them with a password for the document. Is it com ...