Collaborate Disseminate
I encountered an open TCP/143 IMAP port which responded with this banner:
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
From this I … Continue reading What does the IMAP banner alone show regarding security (STARTTLS, hashing, information disclosure)?
In addition to my question: How many known time/result combinations does it take to guess a HOTP/TOTP secret?.
I’ve read often that TOTP is more secure than HOTP. One example:
TOTP provides higher security due to its time-based nature, re… Continue reading Is TOTP "more secure" and harder to crack than HOTP and why?
I’m looking into the risks associated with the use of the HTTP ‘Etag’ header and found the following relevant information already.
Information Disclosure (inodes)
This article titled: "Vulnerabilities that aren’t. ETag headers" f… Continue reading Should the use of the HTTP ‘ETag’ header be avoided for security and privacy concerns?
As of 2023, still many webservers support HTTP/1.0 and HTTP/1.1 while not supporting recent HTTP/2 and/or HTTP/3 protocols. I understand that newer HTTP versions offer various performance enhancements, but I’m particularly interested in th… Continue reading What security risks are involved in using older HTTP protocols such as HTTP/1.x that would justify upgrading to HTTP/2 or HTTP/3?
I’m exploring the history and evolution of the HTTP protocol and I know that HTTP/0.9 is generally not used anymore. It’s clear how features evolved in newer HTTP versions and how primitive HTTP/0.9 actually is with no support for headers,… Continue reading Is HTTP/0.9 considered "End-of-Life" (EOL) due to security vulnerabilities or risks?
I’m looking into HTTP version specific risks. HTTP 1.0 lacks support for persistent connections, meaning each request/response pair requires a new TCP connection to be established.
Considering the overhead associated with constantly openin… Continue reading Is HTTP/1.0 inherently more susceptible to denial-of-service (DoS) attacks?
I’m currently reading about resource record in the Domain Name System (DNS), in particular about the Time to live (TTL) aspect of start of authority records (SOA) records. It seems to me that the TTL was firstly defined in RFC 1034 and la… Continue reading Does the Time-To-Live (TTL) value of DNS records have any security implications?
I am looking into M.2 docking stations such as the Maiwo K3016S as shown below.
Is it possible to use such docking stations optionally in combination with a USB- or software write-blocker, in order to make forensic images of (Bitlocker en… Continue reading Can M.2 docking stations be used to make forensic images of (Bitlocker encrypted) M.2 disks?
I am about to make a forensic image (using dc3dd from OSFClone) of two laptops and in this specific case I’d like to startup using an bootable USB stick with OSFClone and image the disk to an external disk. The laptops (HP ProBooks) in thi… Continue reading Can I safely disable and re-enable Secure Boot when Bitlocker is used in order to make a Forensic Image?
I like to find accounts in leaked databases based on the domain name associated with the leaked mail addresses. Public databases such as https://haveibeenpwned.com/ have this ability partly. Searching is only possible when th… Continue reading How to find accounts in leaked databases based on the domain name?