gerrit – WindowsTechs.com

SQL injection inside XSS

Posted on March 3, 2021 by gerrit

Is it possible to perform an SQL injection inside an XSS attack?
And if so, where can I find information on this or some examples?

Continue reading SQL injection inside XSS→

Security risk of connecting to two networks simultaneously

Posted on February 12, 2020 by gerrit

My employer issues a list of security recommendations when using a work laptop outside of the work network. The security recommendations are related to such risks as data theft, viruses, or other unauthorised access. Most recommendations… Continue reading Security risk of connecting to two networks simultaneously→

If we should encrypt the message rather than the method of transfer, why do we care about wifi security? Is this just security theatre?

Posted on October 8, 2019 by gerrit

Most answers to this question about the security of satellite internet boil down to: encrypting the message is more important than encrypting the method of transfer.

However, there seems to be a lot of focus on wi-fi securit… Continue reading If we should encrypt the message rather than the method of transfer, why do we care about wifi security? Is this just security theatre?→

Does knowledge of one or more passwords from my password manager help an attacker crack the master password?

Posted on July 11, 2019 by gerrit

I use a keepass password manager with a master password of more than 100 bits. I keep the password file in cloud storage. If an attacker has my password file, it should be difficult for them to brute force the password. Su… Continue reading Does knowledge of one or more passwords from my password manager help an attacker crack the master password?→

How can I securily use a pre-owned smartphone?

Posted on April 23, 2019 by gerrit

Is there a feasible way to safely use a pre-owned smartphone? For a PC/Laptop I would simply shred the contents of the hard disk drive before creating new partitions. If feeling paranoid, I might even flash the BIOS (see al… Continue reading How can I securily use a pre-owned smartphone?→

How can GNSS spoofing be so easy? Don’t the satellites sign their messages?

Posted on April 2, 2019 by gerrit

BBC News reports that a new study accuses Russia of massive GPS spoofing (see also this linked blog article). I am surprised that this is so easy¹, in particular since GPS originates as a military system. Couldn’t such spoo… Continue reading How can GNSS spoofing be so easy? Don’t the satellites sign their messages?→

PDF file encrypted with my password, does that mean my password is stored in plaintext?

Posted on September 29, 2015 by gerrit

Every month, I receive an encrypted Portable Document Format (PDF) file with my payslip. I can open the file for reading with my password. Without providing my password, I cannot open the file at all.

Does that mean whoever created the … Continue reading PDF file encrypted with my password, does that mean my password is stored in plaintext?→