Collaborate Disseminate
Let’s say we have:
Publicly available HTTPS API (e.g. api.example.com). The web server that runs it uses a certificate from a publicly trusted CA (e.g. Let’s Encrypt) with both server auth and client auth usages.
A database using mutual T… Continue reading Is it a good idea to reuse certificate issued by public CA for internal database client authentication?
Sometimes I order stuff from less-known online stores that ask me to pay directly by providing a card number.
Either they don’t support PayPal or similar services or they might charge a fee for using them, so that’s what I do:
I have a ca… Continue reading Pay online with a card and then block it – any threats?
As far as I know, HTTPS URLs are encrypted (correct me if I’m wrong). There was a data leak recently and in one article about the leak I saw this picture:
If HTTPS URLs are encrypted then how did the ISP log the full URL (… Continue reading How are full URLs exposed when they are encrypted by HTTPS?
I’ve noticed a trend in how big companies (Amazon, Skype, and a few others I don’t remember in particular) handle e-mail authentication.
Rather than e-mailing clickable links with some single-use token, they’ve switched to s… Continue reading Authentication: E-mailing security codes vs clickable links
I have a single-page javascript application that communicates with a .NET API running in IIS. Authentication is done after loading the application frontend, using an OAuth token from Office 365, obtained using ADAL.js and ver… Continue reading Single-Page Application authentication and ISO 27001
My new girocard did not reach me. I wanted to call the bank to block the old and get a new one. So I checked my online banking and found a phone number (“Block card: girocard or visa card lost? Call 04106-…). I called said … Continue reading Bank wants my Online-banking PIN through the telephone
If I use fully parameterized queries everywhere, is it still necessary and/or security-relevant to somehow sanitize input? E.g. check that mail addresses are valid before sending a parameterized query against the database, or… Continue reading Sanitizing input for parameterized queries
I am starting a new website and would like to protect my privacy. I am thinking about using a Paypal account to purchase my domain and hosting, as well as for monetization further on. How easy is it for someone to figure out … Continue reading Remaining private while using Paypal
I am starting a new website and would like to protect my privacy. I am thinking about using a Paypal account to purchase my domain and hosting, as well as for monetization further on. How easy is it for someone to figure out … Continue reading Remaining private while using Paypal
I intend to create a completely anonymous blog. My threat is not the government but, the hackers who might disagree with the content of my blogs. I also want to eventually be able to monetize this blog. Can anyone please tell… Continue reading How to set up an anonymous blog?