| Top new questions this week: | 
| I noticed that, while browsing through many bug bounty and vulnerability disclosure programs, they don’t accept issues that are related to TLS/SSL, which includes expired security certificates.  Why … | 
| Assuming I have secret data that is encrypted (using sops for example) and a checksum of the secret data for change detection: Is it possible to derive secret information from the checksum or should … | 
| I’m sort of confused due to contradicting information about it but I just want to know if it’s important for an attacker to be on the same Wifi network if he wants to deauthenticate another user? | 
| An IoT device using mutual TLS can have a long running TLS connection to a server, during which time its client certificate could expire or be revoked. When that happens should the server notice and … | 
| In the absence of better solutions, is the nonce in an OpenID Connect ID Token usable to serve as a digital signature? The process would be as follows:    A hash is created from the to-be-signed document/… | 
| I’m evaluating running Chromium without native sandboxing in a rootless container. A few points:    You can containerize Chrome using rootless containers with something like podman. This will utilize … | 
| Let us assume that we have a public API, for example, company.com/publicEndpoint, that can accept requests from any source. Various websites, like foo.com and bar.com, use JavaScripts that call this … | 
| Greatest hits from previous weeks: | 
| I have an internet connection with a static IP address. Almost all staff in my office know this IP address.  Should I take any extra care to protect myself from hackers? | 
| My email-provider’s website (www.gmx.de) recently started linking to the (German) site www.browsersicherheit.info/ which basically claims that due to its capabilities to modify a site’s … | 
| I am very confused by the difficult jargon available on the web about OAuth, OpenID and OpenID Connect. Can anyone tell me the difference in simple words? | 
| I have some questions regarding IMEI numbers and data and identity theft. While searching online I have found many conflicting answers regarding this topic and would like some clarification if … | 
| What is the difference between SSH and SSL?   Which one is more secure, if you can compare them together?  Which has more potential vulnerabilities? | 
| Is it possible to provide a subjectAltName extension to the openssl req module directly on the command line?  I know it’s possible via an openssl.cnf file, but that’s not really elegant for batch-… | 
| If I am using a VPN to connect to Twitter, can an organisation like Anonymous or LulzSec track me and find out my identity? | 
| Can you answer these questions? | 
| I’m trying to connect to my meter by using some open-source software, all the meter supports the dlms-cosem standard. But the problem is the meter disconnected due to a failed security check.  After … | 
| To begin, please someone correct me if I am wrong, but I believe OutGuess was definitively broken in the paper “Attacking the OutGuess” in 2002 and this attack was never patched. It seems … | 
| I am testing a cross-site scripting attack on a website, as we all know the Request.Form function validates the input so the user couldn’t insert a <script> inside the input.  My focus in this … |