Top new questions this week:
|
|
I have a word document where I have turned off the tracking history so technically no one could track my previous changes. What if I send the word document via email? Could someone possibly use a …
|
|
I would like to run the official Docker Apache image as a non-root user. To make it work, it seems like it is necessary to chown the /usr/local/apache2 directory (see this and this): chown -hR appuser:…
|
|
Im able to connect to my managed Linux Ubuntu Server only through FTP using explicit SSL (Auth TLS) with IP restriction and SFT over SSH without IP restriction Question: which method is more secure to …
|
|
If I create a new Docker container based on a recent Debian image, and if use this container to generate a cryptographic key using Python’s secrets module, then is that key safe to use? My …
|
|
I want to do the BlueKeep exploit, but I want to do it legally. I know how to do the exploit, I am just trying to figure out how to set up something that is vulnerable to BlueKeep. How can I …
|
|
My server generates a random CRSF token if it doesn’t find one in the cookies and saves it to the cookies encrypted, and supplies the raw token in the body of the response, to be read by an SPA and …
|
|
When you use a Content Delivery Network (CDN) and want to enable HTTPS, you need to import your certificate there. So you should provide your Private Key to the CDN. Is this secure? I mean CDN can log …
|
Greatest hits from previous weeks:
|
|
I have always wondered why so many websites have very firm restrictions on password length (exactly 8 characters, up to 8 characters, etc). These tend to be banks or other sites where I actually care …
|
|
As someone who knows little about cryptography, I wonder about the choice I make when creating ssh-keys. ssh-keygen -t type, where type is either of dsa,rsa and ecdsa. Googling can give some …
|
|
I am learning the basics of SSH protocol. I am confused between the contents of the following 2 files: ~/.ssh/authorized_keys: Holds a list of authorized public keys for servers. When the client …
|
|
I’m slightly confused about obtaining Google Authenticator backup codes. I can find my Google Account backup codes at: myaccount.google.com/signinoptions/two-step-verification But have no …
|
|
I am running an Android phone without a SIM card. I am using it for web surfing. Can the police localize my phone using the cell towers (BTS)? In other words, I know Android phones emit radiations …
|
|
Lately, whenever I click on a download link in Google Chrome, it redirects to another link starting with s3.amazonaws.com, which in turn gets blocked either by Chrome or by my Antivirus (Comodo …
|
|
I want to block torrent traffic on my network because it is utilizing too much bandwidth and disrupted my network traffic. What port range should I use and what protocol TCP or UDP?
|
Can you answer these questions?
|
|
A Company would like to get ISO 271001 certified. With 10 developers and 4 others (product, QA) having access to various Github Repositories, they managed their access rights pretty good. 3 people …
|
|
I’ve been dealing with a problem that I can’t solve until I find the cause. We get regularly accounts made with scraped/leaked emails and random names. They are useless because you need to verify the …
|
|
When we use mTLS we can use access tokens constrained to client certificate that was sent to token endpoint to receive the access token. In this case, if only the client that send this request can use …
|
