Curious – WindowsTechs.com

If browser cookies aren’t shared between different websites, then why is Same origin Policy useful?

Posted on September 13, 2022 by Curious

I’m a beginner to Web security and I recently started reading about Same Origin Policy and it’s usefulness in preventing a malicious website from interacting with a secure website being used by a user. (For example, a bank website that a u… Continue reading If browser cookies aren’t shared between different websites, then why is Same origin Policy useful?→

Can one prove that a server can be secure against DoS?

Posted on April 8, 2022 by Curious

Is it possible to prove mathematically that a server is immune to denial-of-service attacks? Or is there some result in computer science journal that it this is an impossible task to do?

Continue reading Can one prove that a server can be secure against DoS?→

Why does QubesOS use Fedora which tends to be more buggy?

Posted on May 5, 2021 by Curious

QubesOS is security focused but uses Fedora which is reputed to be a more buggy Red Hat. If bugs can introduce security problems why use Fedora instead of say CentOS?

Continue reading Why does QubesOS use Fedora which tends to be more buggy?→

Is it safe to download pictures from websites like booru or imgur? [on hold]

Posted on June 18, 2019 by Curious

Let’s say someone has uploaded an Jpeg file with an exploit inside. Will booru (or imgur) re-encode it or not? And if not, will the user, who has downloaded this file and opened it be safe?

Continue reading Is it safe to download pictures from websites like booru or imgur? [on hold]→

Is SQL-injection a client-side or a server-side attack?

Posted on October 12, 2018 by Curious

What type of attack is SQL-injection? I am confused because this type of attack is done through the client-side. However, the attackers target is a database which is “behind” a server. Most attacks from OWASP Top 10 attacks 2… Continue reading Is SQL-injection a client-side or a server-side attack?→

Attacks on server-side web

Posted on October 10, 2018 by Curious

What types of attacks are specific for server-side web, but not client-side?
From what I have found on the Web the most attacks focus on client-side rather than server-side.

Continue reading Attacks on server-side web→

How to store data on server without an ability to read it?

Posted on February 23, 2018 by Curious

Let’s say, we develop a social network website, which allows to send personal messages between users. We don’t want anyone (even us) to read these messages, except for message sender and receiver.

Is it possible?

Continue reading How to store data on server without an ability to read it?→

Pivoting a VPN Connection

Posted on January 25, 2018 by Curious

Scenario: An attacker is connected via VPN to an unknown remote host. The remote host is assumed to have two NICs, one serving the VPN and the other serving another unknown subnet. In addition, the remote host is not exploita… Continue reading Pivoting a VPN Connection→

Simple Ciphers to Create Secure Passwords

Posted on September 16, 2014 by Curious

A shift cipher shifts every letter of a word by “n” amount and creates new word. The number of possible keys in the shift cipher is equal the size of the alphabet set from which the word is derived. For example if the words are derived fro… Continue reading Simple Ciphers to Create Secure Passwords→