What is the potential impact of security risks associated specifically with 3D printers or their hosts? [migrated]

Recently, a bunch of Anycubic 3D printers were hacked, as reported in an article from bleepingcomputer.com.

According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are e…

In general terms, does the use of the ARM architecture pose any security benefits or risks over other architectures such as x86 and x64?

For example, considering that ARM has TrustZone technology, and a potentially reduced attack vector because it is based on a simpler RISC (Reduced Instruction Set Computing) architecture instead of the CISC (Complex Instruction Set Comp…

Can and should a penetration test report include an informational note about not having used a (by-design) memory-safe programming language?

Firstly, a quote from a good article about the importance of memory safety by memorysafety.org:

How common are memory safety vulnerabilities?
Extremely. A recent study found that 60-70% of vulnerabilities in iOS and macOS are memory safet…

How can I test if my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?

I would like to know how I can test if my devices or browsers¹ check and apply DNS Certification Authority Authorization (CAA) correctly. And if they do not, how I can enable it and enforce CAA to be checked and rejected, or at least wa…
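One point worth settling before testing anything: CAA (RFC 8659) is evaluated by the certificate authority at issuance time. Browsers and TLS clients do not look up CAA records when validating a certificate, so there is no client-side setting to enable; what can be checked is that a domain's CAA records express what the owner intends and that a given CA would be allowed or refused. The following is an added example, not code from the original question or from any particular device or browser: it parses CAA records from DNS wire format and applies the RFC 8659 authorization rules. The zone data, the domain names and the issuer domains (example.com, letsencrypt.org, locked.example.net) are constructed sample values; a dictionary stands in for the resolver, and the walk from the FQDN toward the root is the one a CA performs.

```python
import struct

# Properties this example understands; an unknown property with the critical
# flag set must cause a CA to refuse issuance (RFC 8659 section 4.4).
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def encode_caa_rdata(flags: int, tag: str, value: str) -> bytes:
    """Build CAA RDATA: flags (1 byte), tag length (1 byte), tag, value."""
    t = tag.encode("ascii")
    return struct.pack("!BB", flags, len(t)) + t + value.encode("utf-8")


def parse_caa_rdata(rdata: bytes) -> dict:
    """Parse CAA RDATA into its critical flag, tag and value (RFC 8659 section 4.1)."""
    if len(rdata) < 2:
        raise ValueError("CAA rdata too short")
    flags, tag_len = struct.unpack("!BB", rdata[:2])
    if tag_len == 0 or len(rdata) < 2 + tag_len:
        raise ValueError("bad CAA tag length")
    tag = rdata[2:2 + tag_len].decode("ascii")
    if not tag.isalnum():
        raise ValueError("CAA tag must be alphanumeric")
    value = rdata[2 + tag_len:].decode("utf-8")
    # Bit 0 (most significant bit) of the flags byte is the issuer-critical flag.
    return {"critical": bool(flags & 0x80), "tag": tag.lower(), "value": value}


def issuer_domain(value: str) -> str:
    """Issuer domain of an issue/issuewild value, before any ';' parameters."""
    return value.split(";", 1)[0].strip().lower().rstrip(".")


def relevant_caa_set(zones: dict, name: str) -> list:
    """Walk from `name` toward the root and return the first non-empty CAA
    RRset (RFC 8659 section 3). `zones` maps FQDN -> list of RDATA bytes."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        records = zones.get(".".join(labels[i:]))
        if records:
            return [parse_caa_rdata(r) for r in records]
    return []


def ca_may_issue(zones: dict, name: str, ca_domain: str, wildcard: bool = False) -> bool:
    """Decide whether `ca_domain` may issue for `name` (RFC 8659 sections 4.2 and 4.3).
    For a wildcard certificate pass the parent name (example.com for *.example.com)."""
    records = relevant_caa_set(zones, name)
    if any(r["critical"] and r["tag"] not in KNOWN_TAGS for r in records):
        return False
    issue = [r for r in records if r["tag"] == "issue"]
    issuewild = [r for r in records if r["tag"] == "issuewild"]
    # For a wildcard name, issuewild replaces issue when present; otherwise issue applies.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # no applicable property: CAA does not restrict this name
    # An empty issuer domain (value ';') matches no CA and therefore forbids issuance.
    wanted = ca_domain.lower().rstrip(".")
    return any(issuer_domain(r["value"]) == wanted for r in applicable)


# Constructed sample zone data (not a real DNS lookup): example.com permits
# letsencrypt.org for ordinary names and forbids all wildcard issuance;
# locked.example.net carries an unknown critical property.
SAMPLE_ZONES = {
    "example.com": [
        encode_caa_rdata(0, "issue", "letsencrypt.org"),
        encode_caa_rdata(0, "issuewild", ";"),
        encode_caa_rdata(0, "iodef", "mailto:security@example.com"),
    ],
    "locked.example.net": [encode_caa_rdata(0x80, "nosuchproperty", "x")],
}


if __name__ == "__main__":
    for name, ca, wild in [("www.example.com", "letsencrypt.org", False),
                           ("www.example.com", "digicert.com", False),
                           ("example.com", "letsencrypt.org", True),
                           ("host.locked.example.net", "letsencrypt.org", False),
                           ("nocaa.example.org", "anyca.example", False)]:
        label = ("*." if wild else "") + name
        print(f"{label} by {ca}: {ca_may_issue(SAMPLE_ZONES, name, ca, wild)}")
```

To run this against a real domain, feed the CAA RDATA your resolver returns (for example from a `dig +short CAA example.com` style query, re-encoded) into `SAMPLE_ZONES` in place of the constructed entries; the decision logic is unchanged. Whether a specific CA honours CAA is then a question of that CA's issuance practice, not of anything the client can enforce.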

Can I setup and enforce additional WiFi connection (and password) requirements on managed laptops using Windows or MacOS?

Can I setup and enforce additional WiFi connection (and password) requirements on managed laptops using Windows or MacOS?
Such as:

blocking (or entirely hiding) the option to connect to open networks
blocking (or entirely hiding) networks…

If only ‘two’ insecure MFA options are available (email and SMS), which is ‘most secure’? [duplicate]

Although I disagree with the term MFA entirely if it refers to a ‘login code sent to email’ (it’s a one-time password at best, and likely badly implemented, with its associated risks), I do see quite a lot of software having email as its only ‘M…

Is a random unknown HTTP request header ‘Host’ that is reflected in the HTTP response ‘Location’ header (3xx) an open redirect or DNS rebinding?

If I send an unknown domain name in the HTTP request header ‘Host’ to a webserver and the webserver responds with an HTTP status code 301/302 (redirect) along with an HTTP response header ‘Location’ reflecting my initial Host header input.
D…
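Whatever label one settles on, the root cause in the situation described is that the server builds its Location header from a client-controlled request header. The following is an added example, not code from the original question or from any real server: the redirecting handler written the trusting way, the same handler hardened to use a hostname allowlist and a fixed canonical host, and the probe a tester would run against both. The hostnames, the allowlist and the probe value (attacker.invalid) are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical deployment values: the only hostnames this server is reached
# under, and the one every redirect should point at.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
CANONICAL_HOST = "www.example.com"
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def redirect_vulnerable(host_header: str, path: str):
    """HTTP->HTTPS redirect that trusts the request's Host header.
    Whatever the client sent in Host is copied straight into Location."""
    return 301, {"Location": f"https://{host_header}{path}"}, b""


def redirect_hardened(host_header: str, path: str,
                      allowed=ALLOWED_HOSTS, canonical=CANONICAL_HOST):
    """Same redirect, but Location is built only from a known-good hostname.
    Unknown Host values are refused instead of reflected."""
    host = host_header.split(":", 1)[0].strip().lower().rstrip(".")  # drop port, trailing dot
    if host not in allowed:
        return 400, {"Content-Type": "text/plain"}, b"unknown Host"
    # Only the path is taken from the request; the host never is.
    return 301, {"Location": f"https://{canonical}{path}"}, b""


def host_is_reflected(handler, probe_host: str = "attacker.invalid", path: str = "/") -> bool:
    """Probe a handler the way a tester probes a server: send a Host the site
    does not own and check whether the redirect target lands on it."""
    status, headers, _ = handler(probe_host, path)
    if status not in REDIRECT_STATUSES:
        return False
    location = headers.get("Location", "")
    return urlsplit(location).hostname == probe_host


if __name__ == "__main__":
    for name, handler in [("vulnerable", redirect_vulnerable), ("hardened", redirect_hardened)]:
        status, headers, _ = handler("attacker.invalid", "/login")
        print(f"{name}: {status} {headers} reflected={host_is_reflected(handler)}")
```

Against a live server the same probe is a request with a forged Host (for instance `curl -sI -H 'Host: attacker.invalid' http://target.example/`) followed by a look at the Location line. A browser does not send an attacker-chosen Host on its own, so the practical impact of the reflection depends on whether something else can be made to consume it: a cache in front of the server that stores the poisoned redirect, or password-reset and e-mail links built from the same header.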

Why do most VPN protocols work on the Transport Layer and not on the Network Layer instead?

In both the TCP/IP model and the OSI model, IPsec offers encryption on the Network Layer (IP), while other VPN protocols such as OpenVPN offer it on the Transport Layer (TCP).

Due to encapsulation obviously more information is encrypted o…

What is a logical threshold in terms of users or devices to migrate from WPA personal to WPA enterprise?

I have a question in particular about WPA’s Enterprise versus Personal without discussing the specifics of WPA2/WPA3.
I’ve encountered quite a few situations where the Personal version of WPA2/WPA3 was used while WiFi access was provided t…

Is WPA2-Enterprise a more secure protocol designed to protect WiFi communication compared to WPA3-Personal?

Perhaps an unconventional comparison. If we ignore device compatibility for a moment and compare the security features of WPA3(-three)-Personal with WPA2(-two)-Enterprise, which is more secure and why? Not just in terms of encryption str…