SQL injection inside XSS
Is it possible to perform an SQL injection inside an XSS attack?
And if so, where can I find information on this or some examples?