Top new questions this week:
|
On Linux, the /etc/ssl/certs folder includes all the necessary public keys for Certificate Authorities. If I have not misunderstood something, this makes it possible to verify public keys received …
|
I work on a service that handles user authentication & authorization. I recently added 2FA support (email, SMS, TOTP) and while it works great, I was wondering about the security of the one-time …
|
There’s a company called irisgalerie that takes high res photographs of your eye and then sells prints to you. So let’s say you got one of these pics and then posted it on social media. Could someone …
|
Corporate email services often use web-based solutions like Gmail or Office 365. Is there any valid security concern in allowing third-party email clients if two-factor authentication is enabled on the …
|
One of my friends was hacked; all of his disk was encrypted. The hackers are requesting money, which obviously we don’t want to pay. I am wondering if it’s possible to decrypt everything, given that I …
|
I’ve read a lot about the state parameter in the OAuth flow, but I can’t quite understand if the state validation helps my use case. End-to-end flow: resource owner is redirected to service provider site(…
|
I’m new to security and I’m doing INE’s Penetration Testing Student learning path. In the current lab (Find the Secret Server), we have this setup: The exercise focuses on adding an entry to the …
|
Greatest hits from previous weeks:
|
If you expect to store user passwords securely, you need to do at least the following: $pwd=hash(hash($password) + salt). Then, you store $pwd in your system instead of the real password. I have seen …
|
DuckDuckGo is a search engine that claims it will not share your results with others. Many of my skeptical coworkers think it may be a scam. Is there any proof that any web search engine will …
|
I notice that in /usr/share/wordlists in Kali Linux (formerly Backtrack) there are some lists. Are they used to bruteforce something? Is there a specific list for a specific kind of attack?
|
I am learning the basics of the SSH protocol. I am confused between the contents of the following 2 files: ~/.ssh/authorized_keys: Holds a list of authorized public keys for servers. When the client …
|
Most users would simply type ssh-keygen and accept what they’re given by default. But what are the best practices for generating ssh keys with ssh-keygen? For example: Use -o for the OpenSSH key …
|
I log on to my work’s wifi throughout the day whilst at work. I use apps like WhatsApp and iMessages to communicate when I need to. Can my employer see the content of those messages (actually read …
|
I have a SIM card alone, without a cell phone and battery. Can it be tracked?
|
Can you answer these questions?
|
I have a domain that’s using Google Workspace that doesn’t have DKIM authentication enabled. Even though DKIM isn’t set up, emails sent from that domain arrive in other inboxes and pass the DKIM check….
|
I have a virtual machine running on VirtualBox on my host OS. I want to make sure that my host PC is as safe from outside threats as possible. When using an ISO live image as the virtual machine, …
|
On our Windows Servers, we have disabled the following key exchange algorithms in the registry: SCHANNEL\KeyExchangeAlgorithms\ECDH, SCHANNEL\KeyExchangeAlgorithms\PKCS. This leaves us with only 2 …
|