Top new questions this week:

I’m moderating one small Discourse forum and we, like everyone else, get spammers from time to time. Our forum is small, like 40-60 weekly unique visitors. Our forum requires that each new user’s …

I am encrypting chat messages with RSA thus speed is no issue. It was working well before I tried transmitting a long message. Now I need to cope with the fact RSA is block, instead of stream, based. …

I bought a domain on Namecheap a few weeks back and now that I want to set it up, I visited my domain on the web and discovered that it had a valid cert issued and was pointing to an unknown site. The …

I am looking for a technical estimate of how bad the situation is regarding the recent hack of LastPass. The hack was covered by several outlets: Naked Security, Ars Technica. LastPass has admitted …

By bugdoors, I mean OS/app devs deliberately introducing vulnerabilities & sharing with front orgs like the NSO Group which then develops and markets the spyware? Would this process be easier …

Can a client script provide to the browser a certificate to accept in a wss:// connection? The WebSocket constructor does not seem to have many options. (I am designing an IoT server that lets the …

We have a React SPA application which calls a back REST API. According to this paper (section 4.1) it is recommended to make a pre-session and then implement token-based CSRF protection to stop login …

Greatest hits from previous weeks:

Why is Ctrl+Alt+Del required at login on certain Windows systems (I have not seen it elsewhere, but contradict me if I’m wrong) before the password can be typed in? From a usability point of view, it’…

The differences between an IDS and a firewall are that the latter prevents malicious traffic, whereas the IDS: Passive IDS: the IDS only reports that there was an intrusion. Active IDS: the IDS also …

There is a desktop client A connecting to website W in an https connection: A –> W. Somehow between A and W, there is a proxy G: A –> G –> W. In this case, will G be able to get the …

Is it better to create a separate SSH key for each host and user or just using the id_rsa key for all hosts to authenticate? Could one id_rsa be malpractice for the privacy/anonymity policies? having …

MD5 tools output hexadecimal values. In the same manner, do SHA and RSA together produce a hexadecimal (or any other) output? What are the differences between the MD5, SHA and RSA algorithms?

How can I find out if files from my computer were written/copied/moved to a USB storage device? I want to know if there is a solution that would work in a system that has not got any monitoring/…

I have always wondered why so many websites have very firm restrictions on password length (exactly 8 characters, up to 8 characters, etc). These tend to be banks or other sites where I actually care …

Can you answer these questions?

I am having trouble finding and understanding when symbolic execution fails. From my understanding tools like PathCrawler use symbolic execution. I gave it this code: #include <stdio.h> #include …

I am using a TPM simulator in my local VM to test the FAPI API and am able to seal the important data inside directory ~/.local/share/tpm2-tss/user/keystore as per the path mentioned in config file /etc/fapi-…

When generating a security.txt file, it is recommended to digitally sign it. However, security researchers must not assume that the information used in the Encryption field is actually the key used to …