Top new questions this week:
|
I tried to capture the send-out traffic of the Android app (Google Drive, Facebook, etc.). This is my security thesis. I succeeded in capturing send-out traffic on the Google Drive app with Mitmproxy but …
|
Consider the following dig command and its truncated output: dig . dnskey +dnssec +multi @a.root-servers.net … … ;; ANSWER SECTION: . 172800 IN DNSKEY 257 3 8 ( …
|
It seems most systems have a TPM 2 module in them now, and it seems those modules often have a physical presence pin. Are these pins actually used by any typical laptop manufacturers? I have a laptop …
|
I’m testing a website, which is vulnerable to XSS. <input type="hidden" id="referer" name="referer" value="INJECTION_POINT"> <script> document….
|
Relevant question for Python: Stack Exchange: stackoverflow.com/questions/75739308/aead-authentication-with-huge-input-that-doesnt-fit-into-ram Top Answers: topanswers.xyz/python?q=…
|
Our web application issues governmental documents for our users. Every one of those documents needs to be signed with a private key. However, because our users find it cumbersome to point their …
|
I’ve created a developer cert with my company’s CA for my development box. The CN is the FQDN of my development box mybox.example.com, but I’ve also added subjectAlternative names that include …
|
Greatest hits from previous weeks:
|
Quick note: this is not a duplicate of CSRF protection with custom headers (and without validating token) despite some overlap. That post discusses how to perform CSRF protection on Rest endpoints …
|
Whenever I open the Google Maps app on my Android mobile phone, Google always seems to know my location, and it is very accurate (usually it places me on the map even in the correct room). Also, this …
|
Is it better to create a separate SSH key for each host and user or to just use the id_rsa key for all hosts to authenticate? Could one id_rsa be malpractice for the privacy/anonymity policies? Having …
|
I know there are many discussions on salted hashes, and I understand that the purpose is to make it impossible to build a rainbow table of all possible hashes (generally up to 7 characters). My …
|
To deposit money into your account, some websites require that you provide them with a lot of details about your bank account: name, complete address and IBAN which includes your account number and …
|
I ran a scan with nmap -n -vv -A x.x.x.x --min-parallelism=50 --max-parallelism=150 -PN -T2 -oA x.x.x.x With the following result: Host is up (0.032s latency). Scanned at 2012-10-25 16:06:38 AST for …
|
What is the difference between .pfx and .cert certificate files? Do we distribute .pfx or .cert for client authentication?
|
Can you answer these questions?
|
I have a mobile hotspot that is acting as my access point. The access point operates on the 192.168.137.x subnet. My computer as well as another wireless device called ‘Device A’ are connected to the …
|
As an amateur cryptographer and professional slowpoke, I just learned about SRP (and other PAKE protocols), and my thoughts immediately wandered to asymmetric crypto challenge protocols, like WebAuthn(…
|