Collaborate Disseminate
Is there any advantage to me installing fail2ban on my VPS web server? As far as I understood, fail2ban’s only purpose is to stop bruteforce and dictionary attacks by preventing consecutive password logins from the same IP addresses.
If I… Continue reading Do I need fail2ban if I have a strong password?
There are recommendations on this website and in the internet suggesting to never store credentials (e.g. login/password to the database that certain web application is using, or S3 access key on non-AWS instance, etc.) in pl… Continue reading Is there something insecure about storing secrets in plain text on the host FS?
On all web services that require passwords, like gmail, you are asked to set a long password. Like 8 characters or more.
The reason being higher security.
But the same services limit the number of login attempts to 3-4 tries before locki… Continue reading How are short passwords not safe if you limit the number of attempts?
Suppose you have the following code in Node:
const { token } = req.body
const hash = crypto.createHmac(‘sha256’, SECRET).update(token).digest(‘hex’)
const user = await User.findById(req.session.userId)
if (hash === user.rem… Continue reading Can string comparison realistically be exploited in a timing attack on a web server?
I want to see how my application will behave in case if the SSL certificate expires.
CSR are signed by CA, so they are not self-signed and the validity period is 2 years. For my test I want to set the expiration period as 1… Continue reading Request certificate expiration date in CSR
I use dd to “burn” an ISO file to USB stick:
dd bs=4M if=/mnt/media/ISO/Fedora-Workstation-Live-x86_64-31-1.9.iso of=/dev/sdd conv=fdatasync status=progress
Now I can see several partitions has been created:
as i was away from home. i came home to a computer with a login screen to one of my networking devices (provides wifi and stuff) in a browser (firefox) tab. i checked the history and found that the login page was accessed in … Continue reading can someone start the msftconnecttest? [on hold]
This question already has an answer here:
How to fight browser fingerprinting?
7 answers
I was using Tor Browser (some ki… Continue reading Browser that cannot be fingerprinted? [duplicate]
I’m trying a xss challenge.
I found an exploit that breaks CSP by using a JSONP callback.
I can get an alert to pop up by putting something like
<script src=”https://whitelisted.jsonp?callback=alert#1″></script>
… Continue reading how to make a http request in jsonp callback?
I’ve read similar questions being answered on the safety and privacy of school wifi certificates but my question on whether they can still track me at home stands. I’m using my own computer (not school’s) but the certificate … Continue reading Is the installed certificate used for school wifi able to track me at home?