Top new questions this week:
|
I’ve read that JWT tokens are stateless and you don’t need to store the tokens in the database and that this prevents a look up step. What I don’t understand is that according to RFC 7009 you can …
|
I download all kinds of stuff from shady places. But I want to be sure there are no nasty viruses in these files. Is it enough if I just check the hash? For example, when I go www.virustotal….
|
I didn’t use a VPN and I am asking myself if my uni can see the downloaded files or even the fact that I opened the discord app to download.
|
edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/002/intel-multi-key-…
|
I heard recently that WPA2 passwords can be brute forced if somebody captures handshake (which is not very difficult). Can somebody tell if a similar method exists for cracking SSH traffic? I mean …
|
I am working with this INE eCXD material and I am working on my basics of buffer overflow on Linux. In the lab, there is supposed to be a binary that is using the strcpy() function and it SEGFAULTS …
|
I would like to better understand the difference and trade-offs between WiFi’s OSEN and OWE authentication modes. My understanding is that these have broadly similar goals, namely preventing traffic …
|
Greatest hits from previous weeks:
|
I read some articles (article1, article2, article3, article4) about the Shellshock Bash bug (CVE-2014-6271 reported Sep 24, 2014) and have a general idea of what the vulnerability is and how it could …
|
On some accounts I use my real name on-line (Google+/Facebook/Wikipedia/personal blog), others (Q&A/Gaming) I use an alias. My question is: Security and privacy wise, what can people do with my …
|
If I use the following: openssl req -x509 -days 365 -newkey rsa:2048 -keyout private.pem -out public.pem -nodes, I get private.pem and public.pem. If I use ssh-keygen -t rsa -f rsa I get rsa and …
|
What is the difference between SSH and SSL? Which one is more secure, if you can compare them together? Which has more potential vulnerabilities?
|
I read the article on Wikipedia describing what a DMZ (demilitarized zone) is on a network, but am still failing to grasp both how it is set up (ie: is it within the main network or sequestered away?) …
|
Where I work I’m forced to change my password every 90 days. This security measure has been in place in many organizations for as long as I can remember. Is there a specific security vulnerability …
|
Once an attacker has a shell as your sudoer user (or just compromised a local process enough), he/she can use one of the many privilege escalation tools to even automatically put themselves for example …
|
Can you answer these questions?
|
I’m learning about buffer overflows and that there are various different types of them, including ones you can do when you can’t directly hijack the return address. In these cases, you can hijack a …
|
There are some HTTP security headers in the world of cyber security of web applications. These are e.g.: X-Content-Type-Options, X-Frame-Options, Content-Security-Policy, Referrer-Policy, Strict-…
|
Imagine an authorization_code flow which MUST use PAR and after succeeded authorization at authorization_endpoint instead of returning code and state returns only code, but this response is encrypted …
|