Top new questions this week:
|
I’ve run a website for barely three months now and put my emails on there. I also run a catch-all address on this domain. Since my website is online, I haven’t received a single spam email on the …
|
As I understand, in a typical LAMP (or be it LEPP) setup, all PHP code is executed using the same user and group (“www” or similar). In a multi-user scenario (e.g. some variant of allowing …
|
This is from the perspective of someone who had supposedly forgotten their password. We’re doing this project wherein we “secure” an application that was given to us. We added this “…
|
In 2017, I was running a local website on my own dedicated server in a professional data center. FreeBSD. Installed by me remotely. Maintained carefully by me. No other human users than myself. I was …
|
Is it possible to use both mTLS and regular TLS (as fallback)? I would like it to try to auth the user with mTLS and fall back to standard login/password when it fails. Is this a good idea in terms of …
|
I have a laptop, with Windows 7, no internet (with the wifi adapter physically removed). I want to use that machine for stuff like old abandonware, and don’t want to risk any type of malware or virus …
|
I have a problem and I’m hoping someone could help with a POC. In a web application, attacker controlled parameter X is used unsanitized in two separate SQL queries within the same function. …
|
Greatest hits from previous weeks:
|
What methods are available for testing SQL injection vulnerabilities?
|
I’m making a REST-API and it’s straightforward to do BASIC auth login. Then let HTTPS secure the connection so the password is protected when the API is used. Can this be considered secure?
|
Google Authenticator is an alternative to SMS for 2Step verification, installing an app on Android where the codes will be sent. It works without any connectivity; it even works on plane mode. This …
|
I use LastPass to store and use my passwords, so I do not have duplicate passwords even if I have to register four to five different accounts a day, and the passwords are long. How safe are password …
|
I found an unknown MAC address connected to my home router. How would I figure out what OS the IP or MAC address is running?
|
My email-provider’s website (www.gmx.de) recently started linking to the (German) site www.browsersicherheit.info/ which basically claims that due to its capabilities to modify a site’s …
|
What is the difference between SSH and SSL? Which one is more secure, if you can compare them together? Which has more potential vulnerabilities?
|
Can you answer these questions?
|
I’m trying to recreate a DHCP spoof (MITM) attack where the following is done: Step 1 is to perform a DHCP starvation attack to exhaust the DHCP server’s IP pool, making it unable to issue IP …
|
I got caught up in a phishing scam where I conducted an automated interview with emails that appeared legitimate from real people within my college. I did respond to multiple emails and the only …
|
I assume most of the security issues with old software are that scripts or .exe will run against the bugs in the software, and that the firmware on the device OS bugs aren’t patched. Or some parts of …
|